Getting started with the server-side Schibsted account API

When you have completed this guide, you will have connected your application to the Schibsted account API and made your first call, verifying that your client ID and secrets are correctly configured. You will then be ready to implement login with Schibsted account.

Downloading the appropriate SDK/Client

To work with the Schibsted account APIs, it is recommended that you use one of the official SDKs. The SDKs are thin wrappers that primarily spare you the details of working with OAuth. If an SDK is not available for your language, skip this section and refer to the curl examples below.

NB! Your client secret is highly sensitive. Do not hard-code it, and be careful who you share it with. The examples below are meant to illustrate the basics of using the API, they are not examples of production code. For more complete examples, see the example use-cases.


The Java SDK is available via Schibsted Artifactory. To add it using Gradle:

repositories {
  maven {
    url ""
    credentials {
      username = "${artifactory_user}"
      password = "${artifactory_pwd}"

compile 'com.schibsted.identity:identity-sdk-java-core:<version>'


In order to use the Schibsted account iOS SDK, see the getting started documentation.


In order to use the Schibsted account Android SDK, see the getting started documentation.

Interacting with the API

Now that you have installed a SDK/Client, you will use it to make first contact with the Schibsted account API. Don't worry, it will be quick and painless. When you've got everything set up, you might want to continue with configuring single sign-on.


The following is a minimal example of using the Java SDK. It fetches the /endpoints endpoint, which returns a description of all available endpoints.

import com.schibsted.identity.AuthClient;
import com.schibsted.identity.ClientCredentials;
import com.schibsted.identity.introspection.IntrospectionResult;
import com.schibsted.identity.token.AccessToken;

AuthClient tokenRequestClient = new AuthClient.Builder(
            new ClientCredentials(clientId, clientSecret),
AccessToken accessToken = tokenRequestClient.clientCredentialsGrant();
Map<String, String> headers = new HashMap<>();
headers.put("Authorization", "Bearer " + accessToken.getToken());
httpClient.GET("", headers);




Using curl to interact with the API is a good way to gain insight into how it works at the networking level. It is also the most direct way to ensure your credentials are correct as there are fewer layers of abstraction that might fail/be used wrongly.

Start by requesting an OAuth token:

response=$(curl --silent -X POST \
    -H 'Authorization: Basic <base64(client_id:client_secret)>' \
    -d "grant_type=client_credentials" \

If all goes well, you should get a response like this back:

{ "access_token": "68d602d1a3d3cc1b2805cdeb53fb5207d273a7ec",
  "expires_in": 604800,
  "scope": null,
  "user_id": false,
  "is_admin": false,
  "refresh_token": "95ab17a1f78339b7a01b88c748677ed522474e16",
  "server_time": 1392194793 }

Using the provided access_token, you may now browse the API endpoints:

access_token=$(echo $response | jq -r '.access_token')
curl --silent -H "Authorization: Bearer $access_token"

Table of Contents


In order to complete this guide, you need to know your:

  • client ID
  • client secret

If you do not, please set up your API client via our self service tool

See also

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).

History of this page


Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.