Client Credentials Flow
If your application is a website using navigation data in the back-end, the Client Credentials Flow should be used to enable the back-end to download the data.
This flow is the least complex flow and is basically just a user/password type of authentication with a few extra parameters. One single request to the /connect/token
endpoint on the Navigraph Identity Server is needed to get an Access Token
:
POST /connect/token HTTP/1.1
Host: identity.api.navigraph.com
Content-Type: application/x-www-form-urlencoded
client_id=<client-id>&client_secret=<client-secret>&scope=fmsdata&grant_type=client_credentials
Parameter | Value | Description |
---|---|---|
grant_type | client_credentials | Should always be "client_credentials" |
scope | fmsdata | Should always be "fmsdata" |
client_id | The Client ID | The client_id is the id for your client which you will obtain from Navigraph. |
client_secret | The Client Secret | The client_secret is the secret password for your client which you will obtain from Navigraph. |
Successful token responseRead the “Successful token response” section
The Navigraph Identity Server will return a response similar to this:
{
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IjA0X3JsNjNvV2ZBSVc3WEd4UWUzQzVEY3dkTSIsImtpZCI6IjA0X3JsNjNvV2ZBSVc3WEd4UWUzQzVEY3dkTSJ9.eyJpc3MiOiJodHRwczovL2lkZW50aXR5LmFwaS5uYXZpZ3JhcGguY29tIiwiYXVkIjoiaHR0cHM6Ly9pZGVudGl0eS5hcGkubmF2aWdyYXBoLmNvbS9yZXNvdXJjZXMiLCJleHAiOjE2MTE1MTA2MjQsIm5iZiI6MTYxMTUwNzAyNCwiY2xpZW50X2lkIjoiZmJ3LWEzMm54Iiwic2NvcGUiOlsiY2hhcnRzIiwiZm1zZGF0YSIsIm9mZmxpbmVfYWNjZXNzIiwib3BlbmlkIl0sInN1YiI6ImM3YTIwY2JlLTU4ZjQtNDA3ZS1hZjJmLTVjODRmMTE5YzJlNiIsImF1dGhfdGltZSI6MTYxMTUwNzAyNCwiaWRwIjoiaWRzcnYiLCJ1cGRhdGVkX2F0IjoxNjA3MDgzNDI0LCJ0ZW5hbnQiOiJkZWZhdWx0IiwicHJlZmVycmVkX3VzZXJuYW1lIjoibTRya3VzIiwiZW1haWwiOiJtYXJrdXNAZ3JhbmRub2lzZS5zZSIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJnaXZlbl9uYW1lIjoiTWFya3VzIiwiZmFtaWx5X25hbWUiOiJIYW1idXJnZXIiLCJwbGF5X3JvbGUiOiJ1c2VyIiwiYmV0YSI6InRydWUiLCJsb2ciOiJkZWJ1ZyIsImVtYWlsX2JvdW5jZWQiOiIwIiwiZW1haWxfbWFuYWdlX2tleSI6IjA0MjBGMURGLUU0MzMtNEFBMC1BRjBBLTBDNTg3QzU4MTZEQSIsInJvbGUiOiJhZG1pbiIsInRvcyI6IkZhbHNlIiwiZW1haWxfc2V0dGluZyI6IjAiLCJuYW1lIjoibTRya3VzIiwiYW1yIjpbInVybjppZXRmOnBhcmFtczpvYXV0aDpncmFudC10eXBlOmRldmljZV9jb2RlIl0sImFkZHJlc3MiOnsiY291bnRyeSI6IlNFIn19.nbG-Lu_87Z0nSVuPByrBowfX7rRLuHEVKHH7vjIpISBtm4Hh4pF4zjuTgL9xrRb70cPxcKoqEsY48lur-vED34bAspZda4tuLzH9NYHlF7FSgPVxxXpVP65KOG1wJwsSjFEsVkQzq8N6GeM0iqbevpZM-lXHijgAqgINJ-X4_P5YHbryMKVlWJv8mBNgUU3TQ0RHcChCEcRnAgRne0noxskSv3FD__UUmhAQxWyTMW7rFd0jIkB5pIEw5uIyZEz-uXReshDiZgA1_knSYb36XrnpYT0kRoao92Jw6MfLrtL8CV33W-G4aYZjBJRrIvstTSyukF7s0oh5gmhCibYQvA",
"expires_in": 3600,
"token_type": "Bearer"
}
Notice that there is no refresh_token
as the back-end tokens only live for an hour without possibility to refresh.
Validate subscription in the backendRead the “Validate subscription in the backend” section
Back-end clients can check the subscription of a user by calling the subscription end-point using a token that is retrieved from the front-end using the /v1/subscriptions/valid
endpoint.
GET /v1/subscriptions/valid HTTP/1.1
Host: api.navigraph.com
Authorization: Bearer <access-token>
Subscription ResponseRead the “Subscription Response” section
[
{
"date_active": "2020-02-02T23:00:00.000Z",
"date_expiry": "2021-04-12T23:59:59.000Z",
"subscription_name": "Navigraph Ultimate",
"type": "charts"
},
{
"date_active": "2020-02-02T23:00:00.000Z",
"date_expiry": "2021-04-12T23:59:59.000Z",
"subscription_name": "Navigraph Ultimate",
"type": "fmsdata"
}
]
The response is an array containing one or more subscription objects. At least one of the objects needs to have the type
property set to "fmsdata" for enabling a current AIRAC cycle for the user.