Prerequisites

• Must be signed up to Alm Brand Developer Portal and have a valid user - Sign up here.

• Must be signed in - Sign In here.

Introduction

Before you can access any of Alm Brand's API you both need to make a subscription to an API Product and be  authorized - either as an authorized application or as an authorized end-user.

Subscriptions are managed via the Azure Developer Portal. You can always see you actual subscriptions by navgating to the dashboard.   

Authorization is based on oAuth2 and Open Id Connect, using Auth0 as Identity provider.

Subscriptions - steps

1. Navigate to an API Products containing the API. 

2. Click subscribe button

3. Navigate to  profile page to see your actual subscription_key's

4. Store one of subscriptions key's in your client application, before calling an API.

5. Look at an example - Replace {{subscription_key}} with your own subscriptions key.

Authorization - steps

1. Register your client application by sending an inquiry to Alm Brand's API Team (api@almbrand.dk)

2. After your identity is vetted by Alm Brand (within 24 h) you will receive an email with client id/secret
   In the API examples the client credential are refered to as {{client_id}} and {{client_secret}}

3. If your client application is a web server (not a single page application) goto next step, otherwise contact Alm Brand's API Team (p.integration@almbrand.dk)

4. Store the client id/secret in your client application, before calling an API. 

5. if your client application access the APIs as machine-to-machine without an end-user

   Use Client Credential Flow to request an access token (Jwt) from Auth0. 

6. if your client application access the APIs as a partner administrator (end-user)
   (to be described)

7. if your client application access the APIs as a customer (end-user)
   (to be described)

8. Look at an example - Replace {{access_token}} with your the requested accee_token key.

Client Credential Flow

An access token can be requested by the following API call:

Request

POST /oauth/token 
Host: almbrand-test.eu.auth0.com
Content-Type: application/json

{
  "client_id": "{{client_id}}",
  "client_secret": "{{client_secret}}",
  "audience": "https://api.almbrand.dk/",
  "grant_type": "client_credentials"
}

Response

HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token":{{access_token}},
  "scope": "openid profile",
  "expires_in": 21600,
  "token_type": "Bearer"
}