REST API

A client app identifies an application that wishes to integrate with the API. It is recommended to have a different Client App for each integration. The Client App defines which access the external application will require, these are called grants.

A bearer token is used to authorize an API call. A bearer token should be kept secret and is the equivalent of a username/password combination. Bearer tokens grant an external system limited (by the grants of the Client App) access to the API on behalf of the user that generated it. Bearer tokens are tied to a specific user and a specific Client App.

The Digital Enterprise Suite Admin interface also gives the relevant OAuth URL for Authorization and Token exchange to integrate with an external system supporting OAuth 2. Using these URLs, a system can request a Bearer token on behalf of a user following the standard OAuth 2 flows.

For systems that do not support OAuth, they can bypass the normal OAuth flows and a user can manually generate a Bearer token. The Digital Enterprise Suite Admin interface offers a convenient way to directly generate a Bearer token in the graphical interface by clicking the button next to the Client App definition.

Once a Bearer token was obtained (either through standard OAuth flow or manually), the Bearer token must be passed using the Authorization header on each API call. For instance, if the Bearer token is secret-bearer the following HTTP header is required:

Not sending the Authorization header will result in an error message (except for the Public API Login resource).