All requests to the API’s of WebApiServices are protected by SSL, are only available using the HTTPS protocol and require you to be authenticated. Protocols other then HTTPS and un-authenticated requests to the API’s of WebAPIServices are refused.


Authentication is handled by the Xploration Authentication Service, which is a collection of centralized authentication and authorization endpoints for initiating and managing secure interaction with the API’s of WebApiServices. This authentication API implements the flows and grants associated with the OpenID Connect protocol.

Client Setup

To be able to use the WebApiServices API’s you need an active account.
If you don’t have an account yet, you may register one at
After an account is registered and an API subscription is activated on your account, you will be able to authenticate and use the API’s.

Discovery Document

The Xploration Authentication Service exposes a number of endpoints for authentication, requesting tokens, public keys and other configuration information. Since the Xploration Authentication Service is an OpenId Connect service, you will be able to retrieve a discovery document, which contains all the information about those authentication endpoints. The discovery document is available at


Getting Authenticated

To be able to use the WebApiServices API’s you must be authenticated and use the obtained access_token with every request.
The OpenId Connect flow used for authentication for machine to machine is the “Client Credentials flow”, and is available at

Method POST
Headers Accept: application/json
Content-Type: application/x-www-form-urlencoded
Name Description Value Mandatory
grant_type Determines the authentication flow client_credentials
client_id The id of the registered client 342khkhsd$34345sf44df
client_secret The secret of the registered client MySuperComplexSecret
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Content-Length: 153

Success Response Code: 200
Description: Returned when the token request was succesfull

Error Reponses Code: 400
Description: Returned when an invalid scope was requested


Code: 400
Description: Returned when an grant_type other then the supported grant types was provided


Code: 400
Description: Returned when an invalid client_id and/or client_secret is provided


Api requests

After succesfully obtaining an access_token from the Xploration Authentication Service, requests to the WebApiServices API’s can be made using this access_token in the header of those requests.


Description Retrieves data from MyApi
Method GET
Example request
Accept: application/json
Authorization: Bearer MyAccessToken
Success Response Code: 200
Description: The data returned after a succesfull request

  "first_property": "first value",
  "secondproperty": "second value"
Error Responses Code: 403
Description: Returned when an invalid Authorization header was send along with the request