The API for NOBB Kontrakt uses OAuth 2.0 as its authentication mechanism.
In order to authenticate against the API, you will need a Client Id, a Client Secret, and an Audience. These are values you will get from Byggtjeneste when you enter into a contract to use the API for NOBB Kontrakt.
Once you have the above, you will first need to make a request to the Byggtjeneste Auth API, to generate an Authorization Bearer Token. Then you will be able to access the API using the Authorization Bearer Token.
Auth API Access
To generate an Authorization Bearer Token, you will need to call the Auth API with your Client Id, Client Secret, and Audience (https://nobbkontrakt.byggtjeneste.no). An example request is below:
curl -L -X POST 'https://AUTHAPIURL/api/clientaccess' \ -H 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'clientId=ID' \ --data-urlencode 'clientSecret=SECRET' \ --data-urlencode 'audience=AUDIENCE'
After a successful request, you will receive an Authorization Bearer Token that you can pass to the API for NOBB Kontrakt to make authenticated requests.
Access to the API for NOBB Kontrakt
To access the API, you will need to pass the Authorization Bearer Token, you received from the Auth API. An example CURL request is below:
curl -X POST \ 'https://api.byggtjeneste.no/nobbkontrakt/vX/method' \ -H 'Authorization: Bearer YOUR_GENERATED_BEARER_TOKEN'
For more information on the Auth API, including URLs to different environments, please visit the Authentication API space.