Prerequisites

• Must be signed up to Alm Brand Developer Portal and have a valid user - Sign up here.

• Must be signed in - Sign In here.

Introduction

Before you can access any of Alm Brand's API you both need to make a subscription to an API Product and be  authorized - either as an authorized application or as an authorized end-user.

Subscriptions are managed via the Azure Developer Portal. You can always see you actual subscriptions by navgating to the dashboard.   

Authorization is based on oAuth2 and Open Id Connect.

Subscriptions - steps

1. Navigate to an API Products containing the API. 

2. Click subscribe button

3. Navigate to  profile page to see your actual subscription_key's

4. Store one of subscriptions key's in your client application, before calling an API.

5. Look at an example - Replace {{subscription_key}} with your own subscriptions key.

Authorization - steps

1. Register your client application by sending an inquiry to Alm Brand's API Team (api@almbrand.dk)

2. After your identity is vetted by Alm Brand (within 24 h) you will receive an email with client id/secret
   In the API examples the client credential are refered to as {{client_id}} and {{client_secret}}

3. If your client application is a web server (not a single page application) goto next step, otherwise contact Alm Brand's API Team (api@almbrand.dk)

4. Store the client id/secret in your client application, before calling an API. 

5. if your client application access the APIs as machine-to-machine without an end-user

   Use Client Credential Flow to request an access token (Jwt) from Auth0. 

6. if your client application access the APIs as a partner administrator (end-user)
   (to be described)

7. if your client application access the APIs as a customer (end-user)
   (to be described)

8. Look at an example - Replace {{access_token}} with your the requested accee_token key.

Client Credential Flow

An access token can be requested by the following API call:

Request

POST /oauth/token 
Host: almbrand-test.eu.auth0.com
Content-Type: application/json

{
  "client_id": "{{client_id}}",
  "client_secret": "{{client_secret}}",
  "audience": "https://api.almbrand.dk/",
  "grant_type": "client_credentials"
}

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token":{{access_token}},
  "scope": "openid profile",
  "expires_in": 21600,
  "token_type": "Bearer"
}