Authentication guidelines

Thuasne as a group is fully committed to ensuring the highest standard of security in data exchanges with its customers, partners and for its own application. It is the reason why Thuasne has decided to secure its APIs following the widely spread and recommended Oauth 2.0 standards.

In order to provide its customer a secured experience, Thuasne has made the choice of strictly following the Azure Client Credentials way of managing authentication.

How to get Client Id and Secret

The following applies only to user who have preemptively Sign up to Thuasne portal.

When an identified consumer asks for the first time to access an API by subscribing to a product on the portal, Thuasne verifies the requester identity and then provide the consumer with an Client ID and a Secret.

The Client ID and Secret are like your unique identifier and secured password to authenticate yourself into Thuasne.

Keep them safe and be particularly careful not to lose your Secret as even Thuasne administrator can’t recover it for you. If lost a secret, can only be reset.

 How to get a authentication Token

Your Client ID and Secret comes to use when you want to access Thuasne’s API.

You are expected to use it to securely identify yourself when requesting Thuasne Authorization server for Access Token.

The Oauth endpoint controls that the Client ID and Secret are known in Thuasne tenant and if successful provides in return the Access token.

A correct Access token delivered by Thuasne should contain claims as below:

How to use Access Token to call an API

Use the Oauth token provided along a correctly structured API request and get access to the data and services offered by Thuasne API of Thuasne.

The token allows you “the bearer” of the token to access the service.

The token is expected to be added in the Request Header along the Subscription key.

In case you need support or have a question send an email to thuasneapi@thuasne.com