Authentication
Introduction
Some of the Byggtjeneste APIs use the OAuth 2.0 client credentials flow for authentication and authorization. For this purpose, a separate Auth API, decoupled from the actual content API, is available.
To access a Byggtjeneste API, you will first need to make a request to the Auth API, to generate an access token. Once you have an access token you can access the actual Byggtjeneste API.
Generate access token
To generate an access token, you will need:
The Auth API token URL
A Client ID and a Client Secret
The Scope for the API.
The Client ID and Client Secret can be created and managed in Byggtjeneste Admin.
Byggtjeneste offers two environments: one for testing purposes, and one for production. Below is a table of the information you need according to the environment:
Setting | Test environment | Production environment |
---|---|---|
Auth API token URL | https://auth.byggtjeneste.no/api/v1/token | https://auth.byggtjeneste.no/api/v1/token |
Byggtjeneste Admin URL | https://bt-btadminfrontend-test-app-webapp.azurewebsites.net | https://admin.byggtjeneste.no |
Scope for NOBB Connect Supplier | api://706373f2-9e5b-42bd-8c32-614e1fc068f2/.default | api://09332237-525b-4fa4-8dd9-e75d465cdbf9/.default |
Scope for NOBB Kontrakt API | api://aeb2714c-b8fb-44f3-887c-97a3a171a3e3/.default | api://5d3672f7-5d67-4f95-9281-04e8b466c0de/.default |
A token is generated by making a request to the Auth API token URL. The request must:
Be an HTTP POST request.
Have header Content-Type with value application/x-www-form-urlencoded.
Have field grant_type in the body with value client_credentials.
Have field client_id in the body with your client ID as the value.
Have field client_secret in the body with your client secret as the value.
Have field scope in the body with the scope for the API you want to access as the value.
This is according to the OAuth 2.0 spec, so it also means that when using e.g. Postman you can use the built-in functionality there for requesting an access token. Here is an example of a request using cURL:
curl --request POST \
--url https://auth.byggtjeneste.no/api/v1/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data scope={SCOPE} \
--data client_id={CLIENT_ID} \
--data 'client_secret={CLIENT_SECRET}'
The response should contain your access token in the access_token field. An access token is valid for 60 to 90 minutes. Once the token expires, you will need to make another request to the Auth API to generate a new token. The expires_in field in the response shows how many seconds there are left before it expires.
Accessing a Byggtjeneste API
Now that you have a token, you can start using a Byggtjeneste API. For each request you need to have the Authorization header set to: Bearer YOUR_GENERATED_TOKEN. If you receive status code 401 Unauthorized, make sure that:
You have a subscription to the Byggtjeneste API.
The Scope passed in the Auth API request matches the Byggtjeneste API you are trying to access.
The access token has not expired.