Authorisation

There are two levels of authorisation required by the Open API. The first is a subscription key specific to the instance of the Client Application making the calls to the Open API. The second is an Access Token that also identifies the user on whose behalf the application is using the Open API.

Subscription Keys

A Subscription Key is a unique, 32-character long string that must be passed in a header with all requests to the Open API. The header name is: 

Ocp-Apim-Subscription-Key

The key can be obtained from Dynamic Planner when development is ready to start. Different keys may be provided for during development and for production usage. Keys should be protected as they uniquely identify the calling application.

The nature of deployment of the Client Application will dictate if one or more keys are required. For instance, a Software as a Service application may have an agreement to provide an integration for all their users into Dynamic Planner, without the need to set each up each customer individually. In this situation there is likely to be only one production Subscription Key. Another software provider may install their system on their customer's premises and have Dynamic Planner integrated on a case-by-case basis. This may mean a production Subscription Key per customer is more appropriate.

Access Tokens

An OAuth 2.0 Access Token generated by Dynamic Planner's Identity Server must be supplied with each call to the Open API. To retrieve Access Tokens from the Identity Server your client application will need to have been configured by Dynamic Planner.

Dynamic Planner's Identity Server supports OpenId Connect to provide a standards based method to both authenticate users (returning an Identity Token) and provide an Access Token that a client application can use against the Open API.

The OAuth Grant Types / OpenId Flows permitted for a client application will need to be agreed with Dynamic Planner according to the use case of the application. In most cases it would be expected that the client application would use Hybrid Flow to combine the OAuth Authorization Code (code) grant type and the OpenId Implicit (id_token) flow. In some use cases the Client Credentials grant type may be supportted.

Refresh Tokens

For use cases that require offline access to the Open API, Dynamic Planner's Identity Server supports OAuth Refresh Tokens. How long these will be valid for will be considered based on the client application's use case.