Authentication

The Switch OpenADR VTN uses the same OAuth 2.0 protocol as the Switchmarket API as described in under the Switch API section.

For more information please refer to page.

OAuth 2.0

OAuth 2.0 is the authorization protocol that is used on all endpoints of Switch API. It allows authorization without the external application getting the user's email address or password. Instead, the external application gets an access token that authorizes access to the user's account. The user can revoke the token for one application without affecting access by any other application. This protocol gives an API client limited access to user data on the web server. OAuth 2.0 relies on authentication scenarios called flows, which allow the resource owner (user) to share the protected content from the resource server without sharing their credentials. For that purpose, an OAuth 2.0 server issues access tokens that the client applications can use to access protected resources on behalf of the resource owner.

For more information about OAuth 2.0, see and .

Supported authorizations

The Switch API supports the authorization for external clients.

Access Token

An Access Token is a piece of data that represents the authorization to access resources on behalf of the end-user. API requests are authenticated using the . To authenticate a request, you need to provide the token in the Authorization header of the request:

curl -H "Authorization: Bearer <your_access_token>" https://api.switchmarket.se/api/me/

All issued access tokens are tied to a specific Switch user account for which they were created. An access token provides the same level of access and privileges that its associated Switchmarket user account would have.

The Switch platform supports two types of user accounts, user account as a human, and a user account as an application. The recommended way to integrate with the Switchmarket API is to use an application user account. This type of account is known as within the Switch platform.