Documentation

Authentication

Entur APIs use two authentication mechanisms:

Open APIs: identify your client with ET-Client-Name.
Partner APIs: use OAuth2 client credentials and JWT access tokens.

Open APIs

All requests to Open APIs must include the ET-Client-Name header. Use a value that uniquely identifies your company and application, in the form <company>-<application> (lowercase, no spaces).

Example header

If your company is "Forsen Utvikling" and your app is "Infoplakat":

ET-Client-Name: forsen_utvikling-infoplakat

Example request

Code
curl --request GET \
  --url "https://api.entur.io/distance/stop-place-distances/NSR:StopPlace:337/NSR:StopPlace:1" \
  --header "ET-Client-Name: forsen_utvikling-infoplakat"

Requests without ET-Client-Name may be rate limited or blocked.

Partner APIs

Partner APIs use OAuth2 client credentials. You authenticate by exchanging a Client ID and Secret for a short-lived JWT access token, then sending that token in the Authorization header.

1. Create client credentials

Log in to the Entur Partner Portal.
Go to Clients and create a new client.
Store the generated Client ID and Client Secret securely.

Only users with the "Klientadministrator" role in your organization can create clients.

2. Get an access token

Call the authentication service that matches the environment where your client was created. Use the client_credentials grant type.

Environment	Authentication service endpoint	Audience
Production	https://partner.entur.org	https://api.entur.io
Staging	https://partner.staging.entur.org	https://api.staging.entur.io
Dev	https://partner.dev.entur.org	https://api.dev.entur.io

Request body


Code
{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "audience": "https://api.entur.io",
  "grant_type": "client_credentials"
}

Example request (production)

Code
curl --request POST \
  --url https://partner.entur.org/oauth/token \
  --header 'content-type: application/json' \
  --data '{
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "audience": "https://api.entur.io",
    "grant_type": "client_credentials"
  }'

We recommend using established OAuth2 libraries instead of building this flow from scratch.

3. Use the access token

Include the JWT access token in the Authorization header for every Partner API request:

Code
Authorization: Bearer <ACCESS_TOKEN>

Example request

Code
curl --request GET \
  --url "https://api.entur.io/personalisation/v1/programs/1" \
  --header "Authorization: Bearer <ACCESS_TOKEN>"

4. Cache and expiry

Cache access tokens securely and reuse them until they expire.
Tokens from Entur’s authentication service are valid for 24 hours.
You can track expiry via the expires_in field from the token response or the exp claim inside the JWT.

Requests using expired tokens will return HTTP 401.

Troubleshooting

Common HTTP status codes during authentication:

401 Unauthorized – Missing/invalid client_secret, missing token, or expired token.
403 Forbidden – The token is valid, but lacks required permissions for the endpoint.
408 Session timeout – The token expired during processing; obtain a new token.

Last modified on March 6, 2026

Getting started Clearing

Documentation

Authentication

Entur APIs use two authentication mechanisms:

Open APIs: identify your client with ET-Client-Name.
Partner APIs: use OAuth2 client credentials and JWT access tokens.

Open APIs

Example header

If your company is "Forsen Utvikling" and your app is "Infoplakat":

ET-Client-Name: forsen_utvikling-infoplakat

Example request

Code
curl --request GET \
  --url "https://api.entur.io/distance/stop-place-distances/NSR:StopPlace:337/NSR:StopPlace:1" \
  --header "ET-Client-Name: forsen_utvikling-infoplakat"

Requests without ET-Client-Name may be rate limited or blocked.

Partner APIs

Partner APIs use OAuth2 client credentials. You authenticate by exchanging a Client ID and Secret for a short-lived JWT access token, then sending that token in the Authorization header.

1. Create client credentials

Log in to the Entur Partner Portal.
Go to Clients and create a new client.
Store the generated Client ID and Client Secret securely.

Only users with the "Klientadministrator" role in your organization can create clients.

2. Get an access token

Call the authentication service that matches the environment where your client was created. Use the client_credentials grant type.

Environment	Authentication service endpoint	Audience
Production	https://partner.entur.org	https://api.entur.io
Staging	https://partner.staging.entur.org	https://api.staging.entur.io
Dev	https://partner.dev.entur.org	https://api.dev.entur.io

Request body


Code
{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "audience": "https://api.entur.io",
  "grant_type": "client_credentials"
}

Example request (production)

Code
curl --request POST \
  --url https://partner.entur.org/oauth/token \
  --header 'content-type: application/json' \
  --data '{
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "audience": "https://api.entur.io",
    "grant_type": "client_credentials"
  }'

We recommend using established OAuth2 libraries instead of building this flow from scratch.

3. Use the access token

Include the JWT access token in the Authorization header for every Partner API request:

Code
Authorization: Bearer <ACCESS_TOKEN>

Example request

Code
curl --request GET \
  --url "https://api.entur.io/personalisation/v1/programs/1" \
  --header "Authorization: Bearer <ACCESS_TOKEN>"

4. Cache and expiry

Cache access tokens securely and reuse them until they expire.
Tokens from Entur’s authentication service are valid for 24 hours.
You can track expiry via the expires_in field from the token response or the exp claim inside the JWT.

Requests using expired tokens will return HTTP 401.

Troubleshooting

Common HTTP status codes during authentication:

401 Unauthorized – Missing/invalid client_secret, missing token, or expired token.
403 Forbidden – The token is valid, but lacks required permissions for the endpoint.
408 Session timeout – The token expired during processing; obtain a new token.

Last modified on March 6, 2026

Getting started Clearing