Bisnode provides API access for client developers by means of a CLIENTID and a SECRET. The client developer uses the CLIENTID and SECRET to get an access token from Bisnode's authentication endpoint at https://login.bisnode.com/as/token.oauth2
. The access token is then passed along in the Authorization header to all Bisnode Business Contacts API requests.
Step 1. Get the access token
To get an access token you need to make a POST request to https://login.bisnode.com/as/token.oauth2
using the following HTTP header: Content-Type: application/x-www-form-urlencoded and the following request body: grant_type=client_credentials&scope=bbc. The request must be authenticated using HTTP Basic authentication and a base64-encoded string CLIENTID:SECRET.
Example in cURL
curl -H "Content-Type: application/x-www-form-urlencoded"\
-X POST -d 'grant_type=client_credentials&scope=bbc'\
Step 2. Use the access token
Supply your access token with all requests to the API using the HTTP Authorization header: Authorization: Bearer <your access token here>. You should reuse the access token for multiple calls to the API. See the next section on recommended usage.
Example in cURL - search for "Bisnode"
curl -H "Authorization: Bearer eyJhb...seAtPCCQ"\
Reusing the access token
After you have fetched an access token you should save it and use it for subsequent calls to the Bisnode Business Contacts API. There is no limit on the number of calls it can be used for, but it will expire after a certain time.
We recommend that you disregard the value of the expires_in field and that you simply keep using the same access token until it expires, at which point the API will return an HTTP status of 401 Unauthorized. When that happens you should retrieve a new access token from the authentication endpoint and retry the operation. Care should be taken to not introduce an endless loop of failed API requests and getting new access tokens.
The following pseudo code illustrates how to use the authentication endpoint and Bisnode Business Contacts API.
if not has_cached_access_token():
Backwards compatibility for CRM integrators
To enable use of several users in the same client, use the special header X-BISNODE-USERNAME. This should only be used for backwards comparability for legacy clients. The X-BISNODE-USERNAME enables us to track individual users' usage.
Resources may point to other API resources by means of hyperlinks. The format used for exposing these relations is Hypertext Application Language (HAL).. The content type of all Bisnode Business Contacts documents is thus "application/hal+json" and clients should treat them as any JSON data but with the extra benefit of having provided links to related resources.
Links promote the idea of explorability and makes it possible to fetch documents right from the web browser (provided an access token is sent along with the request) for casual browsing of the data before connecting through more advanced client applications.
Links are also used for easy navigation of search results for the /worksites and /employments endpoints. By default two links are always available in this context; "first" and "last". If the search result spans more than one page (i.e "hitsReturned" is less than the value of "hitsTotal"), "previous" and "next" links will also be available depending on the current position.