Skip to main content

Web API

Erik Wihlborg

Key Resources

  • Web API Reference – OpenAPI specification detailing endpoints, request and response schemas, authentication requirements, and server URLs.
  • Web API Release History – Chronological summary of changes introduced in each API version.

Authentication & Authorization

The TraX Web API uses the OAuth 2.0 Resource Owner Password Credentials Grant , as defined in the OAuth 2.0 Authorization Framework (RFC 6749) .

API credentials (client ID, client secret, username, and password) are issued during the onboarding process.

Requesting an Access Token

To obtain an access token, send a POST request to the token endpoint:

// Headers
Content-Type: application/x-www-form-urlencoded

// Request
POST https://am.gravitee.skf.com:8092/skf-prod/oauth/token

// Example payload
grant_type=password&
client_id=<client_id>&
client_secret=<client_secret>&
username=<username>&
password=<password>

A successful response returns a JSON object similar to the following:

{
  "access_token": "<token>",
  "token_type": "bearer",
  "expires_in": 3599
}

The access_token must be included in all subsequent API requests. The expires_in value indicates the token’s validity period (in seconds). When the token expires, a new access token must be requested.

Recommendation: Request an access token when the client application starts, and schedule automatic renewal at expires_in / 2 to ensure uninterrupted API access.

Using the Access Token

Include the Authorization header in all API requests:

// Headers
Authorization: Bearer <access_token>

// Example request
GET /trax/fleets