...

All endpoints require a secure connection (HTTPS). If plain HTTP is used an error status code 403 (forbidden) is returned.

For the test VNO version of each endpoint, replace YYY with ZZZ. hostname with https://vno-account.cochrane.org

Primary endpoints

Authorization endpoint:endpoint

hostname/auth/realms/master/protocol/openid-connect/auth

Token endpoint:endpoint

hostname/auth/realms/master/protocol/openid-connect/token

Authorization Code Grant (server-side) flow

...

The access token must be passed to the API in the Authorization header, e.g.:

GET ???  HTTPhostname/auth/realms/master/protocol/openid-connect/token  HTTP/1.1

Authorization: Bearer 3e8ec1a3d43c983b57df0616b498c04807b466e919999aa0f3f3aabca1dd48cc

...

As another example, the API contains a method to get the user's permissions for a single review:

GET ??? TO BE IMPLEMENTED WITH: CIT-30 HTTP/1.1

Authorization: Bearer 3e8ec1a3d43c983b57df0616b498c04807b466e919999aa0f3f3aabca1dd48cc

...