PEPPOL Service Bus Authenticiation and Authorization

The PEPPOL Service Bus API uses the OAuth2.0 Resource Owner Password Credentials Grant type.

Requesting a bearer token

Request:

POST https://accp-identity.econnect.eu/connect/token HTTP/1.1
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Host: accp-identity.econnect.eu
Content-Length: 155
Expect: 100-continue

username={userName}&password={userSecret}&scope=ap&grant_type=password&client_id={clientId}&client_secret={clientSecret}

For the production environment use https://identity.econect.eu.

username={userName}&password={userSecret}

Specifies the user that is authorized for a specific party.

&scope=ap

Specifies that the Access Point functionality is used.

&grant_type=password&client_id={clientId}&client_secret={clientSecret}

Authenticate your client application

Response:

{"access_token":"eyJhbGciOiJSUzI1NiIsImtpZ...pjw","expires_in":3600,"token_type":"Bearer"}

 

Using the bearer and subscription

The SubscriptionKey provided per organisation is also placed in the header part.

GET https://accp-psb.econnect.eu/api/v1/{API call} HTTP/1.1
Subscription-Key: {SubscriptionKey}
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZ...pjw
Host: accp-psb.econnect.eu

C# example

using IdentityModel.Client;

string identityUrl = "https://accp-identity.econnect.eu"; // Production: https://identity.econnect.eu 
string clientId = {ClientId};
string clientSecret = {clientsecret};
string user = {UserName};
string userSecret = {userSecret};
HttpClientHandler clientHandler = new HttpClientHandler();
Task<TokenResponse> accessTokenTask = GetAccessToken(clientHandler, identityUrl
            , ClientId, clientSecret
            , User, UsersSecret);
var accessToken = accessTokenTask.GetAwaiter().GetResult();
client = new EConnectPsbApiClient(new EConnectCredentials(accessToken.AccessToken, SubscriptionKey), clientHandler)
{
    BaseUri = new Uri("https://accp-psb.econnect.eu") // Production: "https://psb.econnect.eu"
};

Package needed: <PackageReference Include=”IdentityModel” Version=”3.10.0″ />

For creating the right headers in the calls we you can use the sample Class EConnectCredentials

public class EConnectCredentials : TokenCredentials
{
    public string SubscriptionKey { get; }
    public EConnectCredentials(string token, string subscriptionKey) : base(token)
    {
        SubscriptionKey = subscriptionKey;
    }

    public override Task ProcessHttpRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        request.Headers.Add("Subscription-Key", SubscriptionKey);
        return base.ProcessHttpRequestAsync(request, cancellationToken);
    }
}

 

Was this article helpful?