Authentication guidelines

Thuasne as a group is fully committed to ensuring the highest standard of security in data exchanges with its customers, partners and for its own application. It is the reason why Thuasne has decided to secure its APIs following the widely spread and recommended Oauth 2.0 standards.

In order to provide its customer a secured experience, Thuasne has made the choice of strictly following the Azure Client Credentials way of managing authentication.

How to get Client Id and Secret

Picture

The following applies only to user who have preemptively Sign up to Thuasne portal.

When an identified consumer asks for the first time to access an API by subscribing to a product on the portal, Thuasne verifies the requester identity and then provide the consumer with an Client ID and a Secret.

The Client ID and Secret are like your unique identifier and secured password to authenticate yourself into Thuasne.

Keep them safe and be particularly careful not to lose your Secret as even Thuasne administrator can’t recover it for you. If lost a secret, can only be reset.

 How to get a authentication Token

Picture

Your Client ID and Secret comes to use when you want to access Thuasne’s API.

You are expected to use it to securely identify yourself when requesting Thuasne Authorization server for Access Token.

Picture

The Oauth endpoint controls that the Client ID and Secret are known in Thuasne tenant and if successful provides in return the Access token.

A correct Access token delivered by Thuasne should contain claims as below:

Picture

How to use Access Token to call an API

Use the Oauth token provided along a correctly structured API request and get access to the data and services offered by Thuasne API of Thuasne.

The token allows you “the bearer” of the token to access the service.

The token is expected to be added in the Request Header along the Subscription key.

Picture

In case you need support or have a question send an email to thuasneapi@thuasne.com