Authentication

You'll need to authenticate your requests to access any of the endpoints in the Punt Uit API. Punt Uit offers an OAuth flow to authenticate your API requests. In this guide, we'll look at how authentication works.

Authentication using OAuth

The way to authenticate with the Punt Uit API is by using OAuth. When establishing a connection using OAuth, you will need a ClientID / ClientSecret pair — you can manage them in your partner portal under settings/integrations. When using an incorrect combination, a 401 Unauthorized status will return. Here are two ways how to get a new access token using cURL and the corresponding response:

1. Basic auth

POST

/api/auth/token

curl https://partner.punt-uit.nl/api/auth/token \
  -H "Authorization: Basic Base64(clientId:clientSecret)"

2. application/x-www-form-urlencoded

POST

/api/auth/token

curl https://partner.punt-uit.nl/api/auth/token \
  -H "Content-Type: application/x-www-form-urlencoded"
  -d "grant_type=client_credentials&client_id=clientId&client_secret=clientSecret"

Response

{
    "access_token": "htac-Bmo0--pumYUFMkK8wUZnVG_1Yy4XchVWiJH_QL",
    "token_type": "Bearer",
    "expires_in": 3600
}

You can now use the accessToken to authorize api calls

Example request to resource api

GET

/v3/products

curl https://partner.punt-uit.nl/api/fulfilment/v3/shipments \
  -H "Authorization: Bearer {access_token}"

When your access_token is expired (default after 1 hour), the corresponding API call will result a 403 Forbidden status and you have to get a new one.

Always keep your secrets safe and reset them if you suspect they have been compromised.