API Access

Login tokens

To access any Bio-Prodict API endpoint, an authentication token is required. To obtain a token, a 3DM account is required; accounts can be registered at Bio-Prodict Accounts. We use OAuth tokens to validate access to APIs. These tokens can be obtained from an OAuth server and are valid for a number of hours.

Retrieve OAUTH Token

To retrieve a token use an HTTP POST request to https://api.bio-prodict.nl/oauth/oauth/token with the following parameters:

Parameter       Description
grant_type      Hardcoded string
username        3DM account username
password        3DM account password
client_id       Hardcoded string
client_secret   Hardcoded string
twofactor       Optional two-factor code

Provide the username and password of your 3DM account. If your password contains special characters, these should be URL encoded. The grant_type for default requests is 'password' (to refresh an access token, see 'Refresh OAUTH Token'). The client_id and client_secret will be provided by Bio-Prodict separately.

The token request needs to contain an authorization header: {"Authorization": "Basic {client_details}"}, in which client_details is the base64 encoding of the client_id (as key) and the client_secret (as value) joined by a colon: "{client_id}:{client_secret}". Make sure that no trailing newlines are included.

The response will look like the example below:

Token Request Response
{
    "access_token": "{token}",
    "expires_in": 43199,
    "fullname": "{fullname}",
    "jti": "396f89d8-92d2-4211-9fe7-b4db82a4e691",
    "scope": "read write",
    "token_type": "bearer",
    "userid": {userid},
    "username": "{username}"
}

The access token should be used when sending requests to any of the Bio-Prodict APIs via a header: 'Authorization: Bearer ${token}'

Refresh OAUTH Token

To refresh a token, send a token request to the endpoint described in the 'Retrieve OAUTH Token' paragraph with the following parameters: grant_type=refresh_token and refresh_token=${refresh_token}. The refresh token is included in the response to the original token request. A Basic authorization header as described in the 'Retrieve OAUTH Token' paragraph is required. Note that refresh tokens are not available for all client_ids.
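
The token and refresh requests described above, built offline in Python as an added example (not Bio-Prodict's own code). It assumes the parameters are sent as a form-encoded POST body; the function names and the demo credentials are constructed for illustration.

```python
import base64
from urllib.parse import urlencode

TOKEN_URL = "https://api.bio-prodict.nl/oauth/oauth/token"  # endpoint from this page


def basic_header(client_id, client_secret):
    """Authorization header: base64 of "client_id:client_secret", no newline."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    # b64encode emits no newline. base64.encodebytes appends one, and piping
    # `echo` (without -n) into base64 encodes a newline into the credential;
    # both break the header.
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def build_request(client_id, client_secret, form):
    """Return (url, headers, body) ready for any HTTP client's POST call."""
    headers = basic_header(client_id, client_secret)
    # Assumption: parameters travel in the body, which also keeps the
    # password out of URLs written to proxy and access logs.
    headers["Content-Type"] = "application/x-www-form-urlencoded"
    # urlencode percent-encodes special characters in the password.
    return TOKEN_URL, headers, urlencode(form)


def password_grant(client_id, client_secret, username, password, twofactor=None):
    form = {"grant_type": "password", "username": username, "password": password,
            "client_id": client_id, "client_secret": client_secret}
    if twofactor is not None:
        form["twofactor"] = twofactor  # optional two-factor code
    return build_request(client_id, client_secret, form)


def refresh_grant(client_id, client_secret, refresh_token):
    form = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    return build_request(client_id, client_secret, form)


def bearer_header(token_response):
    """Header for API calls, taken from the parsed token response."""
    return {"Authorization": "Bearer " + token_response["access_token"]}


if __name__ == "__main__":
    # Constructed demo values; real client details come from Bio-Prodict.
    url, headers, body = password_grant("demo-client", "demo-secret",
                                        "alice", "p@ss w&rd=1")
    print(url, headers, body, sep="\n")
```

Load the real client_secret and account password from the environment or a secret store rather than source code, and keep the printed headers and body out of logs.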