Migrate GET access/…

API 2.0 to 2.1.1 migration guide

GET /api/2/access/{for}

This endpoint allows the client application to directly obtain an access token for an account that is a member of one of the caller organization’s groups. This is typically done to start the player for an end user, without the user having to log in manually.

Service accounts

The access API has been replaced by service accounts and JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants.

A service account is an account used for server-to-server communication; it can’t be used by humans. Using a service account is the standard way for your systems to communicate with the Drillster API, and it replaces the (human) staff user account that originally had to be used for this. It is strongly recommended to replace staff user account communication with service account communication. The documentation on service accounts explains how to do this in detail.

The JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants is an official OAuth 2.0 extension. It allows you to request an access token for your users without the user having to authenticate or give consent.

The service account documentation describes how to request an access token for the service account. To request an access token for an end user account, which is the purpose of the /access/{for} endpoint, all you need to do is to provide the account ID of the end user in the sub claim of the JWT. The account must be managed by your organization.
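The sketch below is an added example, not code from the Drillster documentation: it builds a JWT bearer assertion with the end user's account ID in the sub claim and the form body that carries it to a token endpoint. The HS256 signature with a shared secret is a stand-in so the block runs on the standard library alone; the real algorithm, key, issuer and audience values come from the service account documentation, and every identifier and URL here is a constructed placeholder.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"  # defined by RFC 7523

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_assertion(service_account_id, audience, key, end_user_id,
                    lifetime=60, now=None):
    """Return a signed JWT asking for a token on behalf of end_user_id."""
    if not end_user_id:
        raise ValueError("sub must carry the end user's account ID")
    if not 0 < lifetime <= 300:  # local policy choice, not a documented limit
        raise ValueError("keep the assertion short-lived")
    now = int(time.time()) if now is None else now
    claims = {
        "iss": service_account_id,         # assumed: the service account signs
        "sub": end_user_id,                # account managed by your organization
        "aud": audience,                   # assumed: the token endpoint URL
        "iat": now,
        "exp": now + lifetime,
        "jti": secrets.token_urlsafe(16),  # unique per assertion
    }
    header = {"alg": "HS256", "typ": "JWT"}  # stand-in algorithm, see lead-in
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def token_request_body(assertion: str) -> str:
    """Form-encoded body for the POST to the token endpoint."""
    return urlencode({"grant_type": GRANT_TYPE, "assertion": assertion})

def decode_claims(assertion: str) -> dict:
    """Decode the claims WITHOUT verifying the signature (logging, tests)."""
    payload = assertion.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

if __name__ == "__main__":
    # Constructed sample values, not real Drillster identifiers or endpoints.
    token = build_assertion("SERVICE-ACCOUNT-ID-PLACEHOLDER",
                            "https://token-endpoint.invalid/token",
                            b"constructed-demo-secret",
                            end_user_id="END-USER-ACCOUNT-ID-PLACEHOLDER")
    print(decode_claims(token))
    print(token_request_body(token))
```

Because the assertion lets the holder obtain a token for any account your organization manages, build it only on the server, keep the signing key out of client code, and log the sub and jti of each request.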

API 2.1.1 support

In addition to the service account flow described above, the /access/{for} endpoint is still supported in API 2.1.1. Note that the functionality will not be carried beyond API version 2.1.1.

Endpoint
Current: GET /api/2/access/{for}
Target: GET /api/2.1.1/access/{for}