...
All endpoints require a secure connection (HTTPS). If plain HTTP is used an error status code 403 (forbidden) is returned.
For the test VNO version of each endpoint, replace YYY with ZZZ. hostname with https://vno-account.cochrane.org
Primary endpoints
Authorization endpoint:endpoint
hostname/auth/realms/master/protocol/openid-connect/auth
Token endpoint:endpoint
hostname/auth/realms/master/protocol/openid-connect/token
Authorization Code Grant (server-side) flow
...
The access token must be passed to the API in the Authorization header, e.g.:
GET ??? HTTPhostname/auth/realms/master/protocol/openid-connect/token HTTP/1.1
Authorization: Bearer 3e8ec1a3d43c983b57df0616b498c04807b466e919999aa0f3f3aabca1dd48cc
...
As another example, the API contains a method to get the user's permissions for a single review:
GET ??? TO BE IMPLEMENTED WITH: CIT-30 HTTP/1.1
Authorization: Bearer 3e8ec1a3d43c983b57df0616b498c04807b466e919999aa0f3f3aabca1dd48cc
...