Authentication
The Divendo REST API uses the OAuth 2.0 protocol to authorise calls. OAuth is an open standard that many companies use to provide secure access to protected resources.
When you register a new API user, Divendo generates a set of OAuth client ID and secret credentials for your application. You pass these credentials in the Authorization header in a get access token request.
In exchange for these credentials, Divendo's authorisation server issues access tokens called bearer tokens that you use for authorisation when you make REST API requests. A bearer token enables you to complete actions on behalf of, and with the approval of, the resource owner.
Get an access token
POST/oauth2/token
To get an access token, you pass your OAuth credentials in a get access token call. In response, the Divendo authorisation server issues an access token which can be re-used until it expires. When the token expires, you can repeat this process to obtain a new token.
| Request body |
client_id |
The unique client_id assigned to your API user |
| client_secret |
The unique client_secret assigned to your API user |
| grant_type |
Always set to client_credentials |
Example response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
"access_token": "uEe8OoPbTCrEovStq8_xYhrCIAHeNSO5f9WgjQq5tWrt7T9tEuAnYEW0A7y8ev8UUVfaiqPHawi3Oc6a7stunaICxudcdrkf5A0zu5BVDUKJj4dG7q3Eb",
"token_type": "bearer",
"expires_in": 21599
}
Making REST API calls
GET/data/countries
With a valid access token, you can make REST API calls. This sample call returns a list of ISO country codes. The access token in the call is an OAuth bearer token.
Example request
curl -v https://api.divendo/data/countries \
-H "Content-Type: application/json" \
-H "Authorization: Bearer access_token"