API Authentication
ProvEn 2.0 offers a REST API, which should be preferred for all new requests as well as several other job-related operations. The API is secured with OAuth2 and requires a valid Entra ID token.
The token must be obtained against an app registration that includes the ProvEn 2.0 API roles in its API permissions. This means the main app registrations cannot be used.
Within Core’s tenant, app registrations have been created for this purpose. In other tenants, an app registration will need to be created and permissions added/consented.

Authentication details vary depending on the app registration and target tenant, but example parameters are included below for the development environment.
These parameters can be fed into an HTTP client such as Postman, Insomnia or Hoppscotch to generate a valid token.

| Parameter | Expected value | Example value |
|---|---|---|
| Grant type | A suitable method depending on the use-case | client_credentials |
| Authorization endpoint | Token endpoint for the target tenant | https://login.microsoftonline.com/b711a074-37c7-459d-9e4b-3968a9fb384d/oauth2/v2.0/token |
| Client ID | App ID of the API app registration. | 27267ce8-ed81-4354-94d9-ea685862ff9c |
| Client secret | Secret value created on the app registration | <redacted> |
| Scopes | Scope for the target environment | api://ProvEn2_dev/.default |
| Client authorization | Send credentials in body | |
| Pass by | Headers | |

The token must be included with every request as the Authorization header in the Bearer format.
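
The same flow in code, as an added example that is not part of the ProvEn documentation or code base: it builds the client_credentials request with the development values from the table, checks that the response is a bearer token, and reuses the token until shortly before it expires. The environment variable name `PROVEN_CLIENT_SECRET` and the `TokenCache` helper are assumptions made for this example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Development values taken from the parameter table above.
TENANT_ID = "b711a074-37c7-459d-9e4b-3968a9fb384d"
CLIENT_ID = "27267ce8-ed81-4354-94d9-ea685862ff9c"
SCOPE = "api://ProvEn2_dev/.default"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"


def build_token_request(client_secret):
    """Build the token POST with the credentials sent in the form body."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "scope": SCOPE,
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")


class TokenCache:
    """Hypothetical helper: holds one token and refreshes it before expiry."""

    def __init__(self, fetch, skew=60, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer" or not resp.get("access_token"):
                raise ValueError("token endpoint did not return a bearer token")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp.get("expires_in", 0))
        return {"Authorization": f"Bearer {self._token}"}


def fetch_from_entra():
    """Live fetch; the secret is read from the environment (assumed variable name)."""
    req = build_token_request(os.environ["PROVEN_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    cache = TokenCache(fetch_from_entra)
    print(sorted(cache.auth_header()))  # header names only, never the token itself
```

Merge the dictionary returned by `auth_header()` into the headers of each API request; keeping the secret in the environment keeps it out of source control and saved client collections.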