Heimdall is our authentication service it supports modern standards like OpenID Connect and OAuth 2 0 and makes it easy to integrate with our APIs When you have onboarded you ll get a unique and that you can use to issue tokens from Heimdall The token is scoped to the services you need so you can use the same token for multiple services For using our API s you need to use the OIDC flow which means that you provide your and to Heimdall and in return you ll get a token that you can use to access our API s sequenceDiagram participant Client participant Heimdall participant LOOKUP participant VALIDATOR participant API Client >>Heimdall Request token Heimdall >>Heimdall Issue token with scopes Heimdall >>Client Return token Client >>LOOKUP Use token to check any PEPPOL participant Client >>VALIDATOR Use token to validate your business documents Client >>API Use token to send or receive business documents client_id client secret client_credentials client_id client_secret

Changing the below with your and with your and you will get a JSON response containing your JWT access token You can use the same token for as long as it is valid when it expires just request a new one we don t use refresh tokens Note Reach the token endpoint for production by removing from the URL XXX client_id YYY client_secret curl https auth qa infotorg no auth realms fms realm protocol openid connect token d grant_type client_credentials&client_id XXX&client_secret YYY qa

You can test the token in QA by using our Swagger UI and clicking the button in the top right corner Authorize