1 Introduction
1.1 Purpose
The primary intent of this document is to provide partners with the necessary information of the Application Programming Interfaces (APIs) to assist them in obtaining OAuth access token which will be required to contribute content and media using TIH APIs, as well as utilising TIH Recommendation Engine API.
1.2 Partner On-Boarding
Partners who wish to leverage on TIH API Services that require OAuth Authentication should register for a TIH B2B account and request for the service through the following procedure.
- Partners need to register with TIH by creating an account with TIH via the following URL, https://tih.stb.gov.sg/content/tih/en/profile/register.html
- After successfully registering a B2B Account on TIH, an email request should be sent in to the TIH Helpdesk (stb_tih@stb.gov.sg), to request for OAuth Authentication with the following information,
- B2B Account ID (Email address)
- Application Name
- Reason for request
- Requestor’s details
- Once the request has approved, an email with the ClientId and ClientSecret will be sent to the requestor’s email address.
- The partner’s application will use the ClientId and ClientSecret to generate an accessToken. This accessToken will be used in all API requests. (See section 3: OAuth Usage Flow Scenario)
The API sets that require OAuth access token are:
2 OAuth API Specifications
This section highlights the APIs related to the OAuth authorization and authentication.
2.1 Access Token
Please note that for the Authorization parameter is a base64 encoded string of the clientId and clientSecret in the format of clientId:clientSecret.
2.2 Refresh Access Token
Please note that for the Authorization parameter is a base64 encoded string of the clientId and clientSecret in the format of clientId:clientSecret.
3 OAuth Usage Flow Scenario
This section of the document depicts the sequence of API calls to the TIH API services to retrieve OAuth access token.
Steps:
- User requests for OAuth access token by providing client id and client secret through API (OAuth – Access Token).
- User obtains OAuth access token
- With the access token, you can proceed to call the API that requires the access token with the following “Authorization” header:
Header Authorization BearerToken
The API sets that require OAuth access token are: