Authentication
Authorization
In order to work with the Rest-API endpoints, the client application must first be authenticated and authorized. API clients using endpoints in the public domain (e.g. Discovery) must have a valid WISE-KEY. The endpoints in the shared domain must have a valid user login as well.
Authentication steps are as follows:
- Generate a WISE-KEY using the API-KEY, API-ID and ApplicationName.
- See Appendix for an example of how this is calculated.
- For most endpoints, a client must login with a username and password to get an access token:
| Endpoint | Description |
|---|---|
| /patron/authentication | For logging in as a patron, the endpoint /patron/authentication is used. A token will be returned upon successful registration. This must be provided as an Authorization in the request header for the relevant endpoints. This authentication makes it possible to consult your own data as a patron. |
| /login | The endpoint /login is used for signing in as a staff user. A token will be returned upon successful registration. This must be provided as an Authorization in the request header for the relevant endpoints. This authentication allows the API client to make requests to the Wise system as a staff user. |
- After a successful login, the response returns an authorization token. This token must be added to every request in the header:
Authorization: {token}
Note: The token is valid for the current day until 23:59:59. It is not necessary to login again on the same day.
Proxy Authentication
A staff user can act on behalf of a patron by using proxy authentication. If the logged-in staff user has the proxy permission PROXY_AUTH, the API client can request a patron authentication token (see step 3 above). With this token, the API client can execute a request as if it were logged in as a patron.
The endpoint to request a patron token as a proxy-user is: /patron/{patronSystemId}/library/{libraryId}/proxyauthentication
Requirements for proxy authentication:
- The API key must be enabled for proxy (configured by OCLC in consultation with the Wise administrator for the library).
- The user must be assigned proxy-auth permission (configured by the library's Wise administrator. The permission can be enabled on the branch, network or system levels).