The user data in CONNECT ID can be accessed either by end users via the My CONNECT account client or by clients via REST APIs.
The My CONNECT account client
"My CONNECT account" is the account management client of CONNECT and is available at https://connect.telenordigital.com/gui/mypage. Guidelines on how to integrate with the My CONNECT account client can be found under My CONNECT account.
Clients can get access to user data in CONNECT ID through simple REST calls to API endpoints. We support two different approaches for authentication for these API endpoints: Either using OAuth access tokens obtained via the CONNECT authentication and authorization APIs or using simple HTTP Basic authentication with dedicated credentials. Some of the endpoints support access tokens, some support HTTP Basic authentication, while others support both.
OAuth access token APIs
The preferred way to access the user data is using an OAuth access token as a bearer token in the
Authorization header of the HTTP request, according to the
OAuth bearer token usage specification (RFC 6750).
The Authorization header will look like this:
Authorization: Bearer <access token>
This can be done directly from the clients towards the endpoints. Below is a list of all such endpoints, of which the first one is the preferred way of getting user data to a client. For more detailed description of the scope values required for accessing these endpoints, see the scope page.
- Get basic user information (user ID, name, preferred email address, preferred phone number) according to the OpenID Connect specification: Get UserInfo
- Get all email addresses for a user including metadata: Get list of emails, Get email
- Get all phone numbers for a user including metadata: Get list of phones, Get phone
- Get basic user information including metadata: Get user by ID
- Update basic user information: Update user
HTTP Basic authentication APIs
If a client requires the API endpoints which do not support OAuth access tokens, we will issue
dedicated HTTP Basic authentication credentials (username and password). Such credentials are
separate from the OAuth client credentials (OAuth client ID and client secret) used towards the
/token endpoint for confidential
clients. The Authorization header will look like this:
Authorization: Basic <Base64 encoding of username:password>
The credentials need to be kept secret, so only server side code may use those credentials to call the API endpoints. All endpoints in the APIs linked below support HTTP Basic authentication: