How authorization works

Authorization

The APIs are using Bearer Token Authentication.

This means you first need to get a token, then you may request the API using the token.

How to request an access token:

1. Set the content type to:
   Content-Type: 'application/x-www-form-urlencoded'
2. In the request body, add these variables:
   client_id=norway-customer-api
   grant_type=password
   username={simsId}
   password={simsPassword}
   
3. POST a request to this URL:
   https://auth-int.dbschenker.com/as/token.oauth2(test) https://auth.dbschenker.com/as/token.oauth2(production)
   
4. The response body contains an access_token. Add this token to the Authorization header in every HTTP request to the API, like this:
   Authorization: Bearer {access_token}
   Notice that the token contains an expire timestamp (exp). It is important to verify the expiration before reusing the token.