IAM & Authentication

How to authenticate using the IAM API and gain access to protected resources.

Bedrijfsrooster API endpoints are secured and can be accessed by sending the Authorization header, in the form of an OAuth2 access_token or OIDC ID Token.

Using the OAuth2 standard

The Bedrijfsrooster API supports the global standard OAuth2 authorization framework.

You can use the OAuth2 (default) authorization_code, client_credentials and refresh_token grant types to get an access_token. Read how to get started at the following API reference.

https://developers.bedrijfsrooster.nl/reference#oauthtoken

The IAM /token and /idToken endpoint references provide all the information you need to get started. If you need additional assistance or have additional requirements, please contact support.

Using the OpenID Connect standard

You can use OpenID Connect compatible JSON Web Tokens that are issued and accepted by the IAM API endpoints. Check out the IAM OAuth2 /token endpoint to get started. The IAM API accepts OpenID Connect ID Tokens as OAuth2 access_tokens and vice versa.

JWT helper libraries
There are many platform independent libraries, like firebase/jwt, that you can use to process ID Tokens, which are of the JSON Web Token format. This makes token expiry checks and other logic available out of the box.

Getting started

To get started right away, complete the following steps.

  1. Setup a customer API User to get credentials.
  2. Use the IAM OAuth2 /token endpoint to get a long-lived refreshToken.
  3. Use the IAM /idToken endpoint to get an ID Token, which expires about every hour.
  4. ID Tokens can be used on all API endpoints to authenticate.

After successfully completing one of the OAuth2 authorization flows, you can request an ID Token at the IAM API token endpoints. This returns the following response, which is OAuth2 compatible; the tokens are also OpenID Connect ID Token (JWT) compatible.

{
    "access_token":"{{ID_TOKEN}}",
    "id_token":"{{ID_TOKEN}}",
    "expires_in":"3600",
    "token_type":"bearer",
    "refresh_token":"{{REFRESH_TOKEN}}"
}

Cache your ID Token while you can and re-use it while it lasts. Securely store the {{REFRESH_TOKEN}} so you can use it to refresh expired ID Tokens, without needing user credentials of your API User.

OAuth2 access_token and refresh_token should be handled the same.
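The getting-started steps and the caching advice above, as an added example that is not Bedrijfsrooster's own client code. It assumes a placeholder IAM base URL (take the real one from the API reference), that the /idToken endpoint accepts the standard OAuth2 refresh_token grant parameters (grant_type and refresh_token), and it uses a constructed in-memory stand-in for the endpoint so it runs offline. The client reads the JWT's exp claim (without verifying the signature, which the API does) to decide when the cached ID Token is about to expire, refreshes it a little early, and keeps the refresh token out of logs.

```python
import base64
import json
import time
from typing import Callable, Dict, Optional

# Assumption: placeholder; the real base URL is in the Bedrijfsrooster API reference.
IAM_BASE_URL = "https://IAM-BASE-URL-PLACEHOLDER"

HttpPost = Callable[[str, Dict[str, str]], Dict[str, str]]


def b64url_decode(segment: str) -> bytes:
    """Base64url-decode a JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_payload(token: str) -> dict:
    """Read a JWT's claims without verifying the signature.

    The API verifies the signature; the client only needs `exp` to know when
    to stop reusing a cached token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(b64url_decode(parts[1]))


class IdTokenCache:
    """Caches an ID Token and refreshes it with the refresh_token grant."""

    def __init__(self, http_post: HttpPost, refresh_token: str,
                 skew_seconds: int = 60, clock: Callable[[], float] = time.time):
        self._http_post = http_post
        self._refresh_token = refresh_token  # a secret: keep it in a vault/keyring, never in logs
        self._skew = skew_seconds            # refresh early to absorb clock drift and latency
        self._clock = clock
        self._id_token: Optional[str] = None
        self._expires_at = 0.0
        self.refresh_count = 0               # lets callers see how often the IAM API was hit

    def get_id_token(self) -> str:
        now = self._clock()
        if self._id_token is not None and now < self._expires_at - self._skew:
            return self._id_token            # reuse while it lasts
        # Assumption: /idToken takes the standard OAuth2 refresh_token grant parameters.
        resp = self._http_post(IAM_BASE_URL + "/idToken", {
            "grant_type": "refresh_token",
            "refresh_token": self._refresh_token,
        })
        token = resp["id_token"]
        claims = jwt_payload(token)
        # Prefer the token's own exp claim; fall back to expires_in (a string in the documented response).
        self._expires_at = float(claims.get("exp", now + int(resp["expires_in"])))
        self._id_token = token
        # If the server rotates refresh tokens, keep the newest one.
        self._refresh_token = resp.get("refresh_token", self._refresh_token)
        self.refresh_count += 1
        return token

    def auth_header(self) -> Dict[str, str]:
        """Header to send on every secured Bedrijfsrooster API request."""
        return {"Authorization": "Bearer " + self.get_id_token()}


def make_fake_idtoken_endpoint(clock: Callable[[], float]) -> HttpPost:
    """Constructed stand-in for the IAM /idToken endpoint (no network, unsigned token)."""
    def post(url: str, form: Dict[str, str]) -> Dict[str, str]:
        assert url.endswith("/idToken") and form["grant_type"] == "refresh_token"
        now = int(clock())
        header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
        payload = b64url_encode(json.dumps({"iat": now, "exp": now + 3600}).encode())
        token = f"{header}.{payload}.signature-placeholder"
        return {"access_token": token, "id_token": token, "expires_in": "3600",
                "token_type": "bearer", "refresh_token": form["refresh_token"]}
    return post


def demo(start: float = 1_700_000_000.0):
    """Two requests reuse one token; a third near expiry triggers exactly one refresh."""
    now = [start]
    cache = IdTokenCache(make_fake_idtoken_endpoint(lambda: now[0]),
                         "REFRESH_TOKEN_PLACEHOLDER", clock=lambda: now[0])
    h1 = cache.auth_header()
    h2 = cache.auth_header()
    now[0] += 3600 - 30              # inside the 60 s skew window: refresh before it expires
    h3 = cache.auth_header()
    return cache.refresh_count, h1 == h2, h3 != h1


if __name__ == "__main__":
    print(demo())
```

Pass a real HTTP transport (for example a function wrapping `requests.post(url, data=form).json()`) in place of the constructed endpoint; the caching logic does not change, and the refresh token never leaves the object.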

You are now ready to authenticate on the Bedrijfsrooster API.

Important: ID & Access Tokens expire and should be refreshed

When you use an access_token or ID Token, make sure to handle its expiration time properly. Reuse tokens while they are valid and request new tokens using your refresh token.

The Bedrijfsrooster API may penalize excessive and unnecessary authorization requests.

If you need assistance setting up OAuth2 or OpenID Connect authentication, feel free to contact support. Third parties like Okta and Auth0 provide many helpful tutorials as well.


What’s Next

Now that you have an ID Token or OAuth2 access_token, you can make requests to secured endpoints. Check out the API reference to get started.