W
WIWB API 2.0
Terug naar Home
2. API

Authentication

The WIWB API uses OAuth 2.0 Client Credentials flow for authentication. This two-step process ensures secure access to weather data.

Step 1: Get Your API Credentials

First, you need to obtain your client credentials:

  1. Visit our registration page
  2. Fill out the request form with your organization details
  3. Receive your client_id and client_secret via email (typically within 1-2 business days)

Multiple API Keys

Organizations can request multiple API keys for different applications or environments (e.g., development, testing, production). Each key pair operates independently, allowing you to:

  • Separate access between different applications
  • Implement different security policies per key
  • Revoke individual keys without affecting others

To request additional keys, submit a new registration form or contact support.

⚠️ Important: Keep your client_secret secure and never share it publicly.

Step 2: Exchange Credentials for Access Token

Use your client credentials to request an access token from the authentication endpoint:

curl -X POST "https://api.wiwb.nl/auth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Accept: application/json" \
  -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=client_credentials"

Important: Special Characters in client_secret

If your client_secret contains special characters (like +, =, &, %, etc.), you must URL-encode them. Use --data-urlencode instead:

curl -X POST "https://api.wiwb.nl/auth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Accept: application/json" \
  --data-urlencode "client_id=YOUR_CLIENT_ID" \
  --data-urlencode "client_secret=YOUR_CLIENT_SECRET" \
  --data-urlencode "grant_type=client_credentials"

Response

You'll receive a JSON response with your access token:

{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Step 3: Use Your Access Token

Include the access token in the Authorization header of all API requests:

Authorization: Bearer YOUR_ACCESS_TOKEN

Note: The token expires after the time specified in expires_in (in seconds). You'll need to request a new token when it expires.

Example API Request

curl -X POST "https://api.wiwb.nl/api/entity/datasources/get" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{}'

Token Security

Important security considerations:

  • Never share your API token publicly
  • Store tokens securely in environment variables
  • Rotate tokens regularly
  • Use HTTPS for all API requests

Token Expiration

API tokens have the following characteristics:

  • Expiration: Tokens do not expire unless revoked
  • Revocation: Tokens can be revoked if compromised

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "error": "Unauthorized",
  "message": "Invalid or missing API token",
  "code": 401
}

Common authentication errors:

  • Missing token: No Authorization header provided
  • Invalid token: Token is malformed or invalid
  • Expired token: Token has been revoked or expired
Volgende: Aan de slag