Authentication & Authorization

Overview

SCALAR APIs use modern security standards to ensure the highest security levels. Requests are authenticated with bearer tokens. To call an API, send the bearer token in the HTTP Authorization request header, as shown below:

curl --request GET \
     --url https://trailer.api.eu1.scalar.zf.com/v1/assets \
     --header 'Accept: application/json' \
     --header 'Authorization: Bearer <YOUR_ACCESS_TOKEN>'

Please read the sections below to get a token with the right permissions for your requirements.

Integrator and Permissions

An integrator is granted the permissions needed to access certain endpoints. Each endpoint enforces authorization and verifies that the integrator has permission to access it. If the integrator lacks permissions that the developer needs for the integration work, the developer will need to ask a more privileged user (or integrator) in the organization to give the integrator the necessary rights (coming soon).

Besides needing the correct permission, it is also required that the organization has bought the rights to use the specific API endpoints. Not all products give access to all SCALAR APIs.

Audience

Audiences ensure that only the relevant permissions are put into the token. Each product is mapped to an audience, and when requesting a token it is vital to request the correct audience so that the correct permissions are included in the token. You can find the list of audiences at: https://developers.zf-scalar.com/docs/audience

How to get a token

To get a token, call https://auth.api.eu1.scalar.zf.com/v1/integrators/token with the Integrator Id, Secret, and Audience passed in the request body.

{
  "clientId": "string",
  "clientSecret": "string",
  "audience": "string"
}

After a successful API call, you will receive an access token as part of the API response. Reuse this token for as long as it is valid. The response schema is shown below.

{
  "accessToken": "string",
  "expiresIn": 0,
  "tokenType": "string"
}

Please note: The access token expires after 1 hour. Once your token expires, you need to call the token endpoint again to get a new token.
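The token reuse and renewal described above, as an added example that is not SCALAR's own code: a small cache that keeps one token per audience and requests a new one shortly before expiry. It assumes the token endpoint accepts a JSON POST and that expiresIn is a lifetime in seconds; the names TokenCache, fetch_token, auth_header, invalidate and the 60-second skew are hypothetical.

```python
import json
import threading
import time
import urllib.request

TOKEN_URL = "https://auth.api.eu1.scalar.zf.com/v1/integrators/token"  # from the page


def fetch_token(client_id, client_secret, audience, url=TOKEN_URL):
    """Request a token. Assumption: the endpoint accepts a JSON POST."""
    body = json.dumps({"clientId": client_id, "clientSecret": client_secret,
                       "audience": audience}).encode()
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json",
                                          "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuse one access token per audience until shortly before it expires."""

    def __init__(self, client_id, client_secret, fetch=fetch_token,
                 clock=time.monotonic, skew=60):
        self._creds = (client_id, client_secret)  # keep in memory only, never log
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._lock = threading.Lock()
        self._tokens = {}  # audience -> (access_token, refresh_at)

    def auth_header(self, audience):
        """Return the Authorization header, fetching a token only when needed."""
        with self._lock:
            entry = self._tokens.get(audience)
            if entry is None or self._clock() >= entry[1]:
                resp = self._fetch(*self._creds, audience)
                # Assumption: expiresIn is in seconds (3600 for a 1 hour token).
                # Refresh `skew` seconds early so requests never carry a stale token.
                refresh_at = self._clock() + max(resp["expiresIn"] - self._skew, 0)
                entry = (resp["accessToken"], refresh_at)
                self._tokens[audience] = entry
            return {"Authorization": f"Bearer {entry[0]}"}

    def invalidate(self, audience):
        """Drop a cached token, e.g. after a request is rejected as unauthorized."""
        with self._lock:
            self._tokens.pop(audience, None)
```

Tokens are cached per audience because each token carries only the permissions of the audience it was requested for.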

