Before any other call to the server can be made, an authorization token is required.
Basic authentication
Using basic authentication with user credentials an authorization token can be acquired.
To retrieve an authorization token the software house identification and the user credentials have to be posted.
A successful call of the authentication method will return an access token, valid for 10 minutes.
Using an OAuth token
Authorize Step
To retrieve an authorization code you need to provide the following parameters:
•Scope : webservice
•response_type : code
•client_id : this is the software house identification assigned
•redirect_uri : this is the redirect uri that was given when registering the software house
•state : the state parameter is used by the application to store request-specific data and/or prevent CSRF attacks. The authorization server will return the unmodified state value back to the application.
The url for the authorization is : https://service.inaras.be/octopus-oauth/authorize
The user will be redirected to a login screen to enter their octopus credentials.
In case the user hasn't given authorization to allow the third party application to communicate with the webservice the following screen will be shown
Where 'Inaras' will be replaced by the name of the software company used when registrating the software house.
You are redirected to the redirect_uri with a parameter code, which contains the authorization code. This code is valid for 5 minutes.
Token retrieval
To retrieve an access token from an authorization code, you will need to POST the following parameters:
•grant_type : authorization_code
•client_id : software house identification
•code : the authorization code received from the previous step
This will return a JSON structure with an access token, valid for 10 minutes and refresh token valid for 60 days.
To retrieve an access token from an refresh token, you will need to POST the following parameters:
•grant_type : refresh_token
•client_id : software house identification
•refresh_token : the refresh token acquired by a previous token retrieval with an authorization code.
This will return a JSON structure with an access token, valid for 10 minutes and a new refresh token valid for 60 days.
The url for token retrieval is https://service.inaras.be/octopus-oauth/token
Either of the above mentioned options will result in a token that can be used to:
•Get Dossiers to retrieve a list of dossiers you have access to.
•Connect Dossier to retrieve a Dossiertoken for the dossier you want to work on.