Skip to Content

User Guide

Business Portal Login

OAuth Development Guide

The NCC integration for OAuth supports multiple types of access grants. The best type of grant to be used will depend on your implementation.

 

First-party access

OAuth Client Credentials

First party access is used when the account which owns the application is the same as the account providing the data to be accessed. This access is via a client credentials grant, and is logically the same as using an api key.

 

Third-party access

OAuth Authorization Code

Third party access is used when the application is owned by one user, and the data to be accessed is owned by a different user. The acess is granted across accounts. This access uses an authorization code grant type and is the most common method of OAuth access.

The authorization code system makes use of a permissions screen which allows the third-party user (e.g. User B) to grant permission to User A to access the data. This permissions screen is shown interactively within a browser session and the interactive session is required whenever the access tokens are generated.

Third-pary access may also make use of a refresh token to support long-running credentials. These can be refreshed without requiring an interactive browser session.

This access can also be used across multiple accounts (User B, User C, User D, etc) with each user having their own access tokens.