Authentication endpoints for issuing OAuth tokens.
Issue OAuth access token
This endpoint is used to obtain an access token and optionally an ID token through different OAuth 2.0 grant types, including Client Credentials Flow. Whenever the mTLS flow is taken, the properties will be ignored, and the access token will be generated based on the credentials in the certificate (O or CN).
Headers
ET-Client-NameEntur Client Header.
It is required that all consumers identify themselves by using this header.
Entur will deploy strict rate-limiting policies on API-consumers who do not identify with a header and reserves the right to block unidentified consumers.
The structure of ET-Client-Name should be: <company>-<application> for companies, and <personal name>-<application> for individuals.
X-Correlation-IdCorrelation id
Issue OAuth access token › Request Body
passwordThe password
usernameThe username
client_idThe client ID (Client Credentials Flow)
grant_typeThe grant type: 'client_credentials', 'password', or 'refresh_token'.
client_secretThe client secret (Client Credentials Flow)
Issue OAuth access token › Responses
Successful token issuance.
expires_inThe lifetime of the access token in seconds.
token_typeThe type of the token.
access_tokenThe issued access token.
refresh_tokenThe optional refresh token.