Authentication¶
Consumer Intelligence API uses OAuth2 with the Client Credentials flow to authenticate requests. To get access to the API you need an API Client. You can view and manage your API Clients in the self-service portal.
sequenceDiagram
autonumber
Your App->>Identity Server: Authenticate with Client ID + Client Secret to /token.oauth2
Identity Server->>Identity Server: Validate Client ID + Client Secret
Identity Server-->>Your App: Access Token
Your App->>API: Request data with Access Token
API-->>Your App: ResponseGet an access token¶
To get an access token, you need to make a POST request to the token endpoint of the environment you want to access,
and provide the client credentials as well as the requested scope for the token.
For Consumer Intelligence, the scope you need to supply is bci.
| Environment | Token endpoint |
|---|---|
| Production | https://login.bisnode.com/as/token.oauth2 |
| Sandbox | https://login.bisnode.com/sandbox/v1/token.oauth2 |
The following headers and parameters is required:
| Name | Sent as | Value |
|---|---|---|
| Content-Type | Header | application/x-www-form-urlencoded |
| Authentication | Header | Basic <base64 of clientid:clientsecret> |
| grant_type | Parameter (body) | client_credentials |
| scope | Parameter (body) | bci |
Request¶
Example request using cURL:
curl -X POST \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&scope=bci" \
-u "<clientid>:<clientsecret>" \
https://login.bisnode.com/as/token.oauth2
Response¶
Example response:
{
"access_token": "14009418-2391-4b3f-84e9-7188fc9593af",
"scope": "bci",
"token_type": "Bearer",
"expires_in": 3600
}
Using the access token¶
To access a secure API with your access token,
you need to provide the access token as a bearer value to an Authorization header.
| Name | Sent as | Value |
|---|---|---|
| Authorization | Header | Bearer <access_token> |
For example, using cURL:
curl -X GET \
-H "Authorization: Bearer <access_token>" \
https://api.bisnode.com/consumerintelligence/v3/...
Reusing the access token¶
After you have retrieved an access token, you should save it for subsequent requests to the API. There is no limit on the number of calls you can use it for, but it has an expiry period.
Using an expired access token will result in 401 Unauthorized,
so the easiest way to requesting new tokens when necessary is to wait for a 401 response,
and then retry the request with a new access token.