Authentication

This page describes how client software authenticates to the SADV API and the transport security requirements.

OpenID Connect and OAuth 2.0

The SADV API uses OAuth 2.0 for access authorization, with an authentication server compatible with OpenID Connect.

Machine-to-machine access relies on the client credentials grant mechanism.

Concretely, the client software first obtains an access token from the authentication server, then sends that token in requests to the SADV API.

The obtained token is associated with your software identifier as a SADV client system.

It is recommended to use an OAuth library suitable for your language (library list).

Each request to the SADV API must include the Authorization: Bearer <access_token> HTTP header.

TLS Encryption (HTTPS)

Before establishing HTTPS communication, the client must verify the server TLS certificate.

This verification includes:

  • the trust chain;
  • the validity period;
  • domain name matching.

If verification fails, the connection must be rejected and the request must not be sent.

Token Retrieval Example

# parameters vary depending on the environment
CLIENT_ID=...
CLIENT_SECRET=...
AUTH_ROOT_URL=https://auth.integration.mesvaccins.net

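# Client credentials grant: the client ID and secret are sent as HTTP Basic credentials.
# --fail makes curl exit non-zero on an HTTP error instead of passing the error body to jq.
ACCESS_TOKEN=$(curl -s --fail -X POST -u "$CLIENT_ID:$CLIENT_SECRET" -d 'grant_type=client_credentials' \
"$AUTH_ROOT_URL/realms/professional/protocol/openid-connect/token" | \
jq -r '.access_token')

echo "$ACCESS_TOKEN"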
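
The same flow as an added Python example (not part of the original page or of the SADV project's code): it requests a token with the client credentials grant over a TLS context that enforces the three certificate checks listed above, caches the token until shortly before it expires, and builds the Bearer header. The names TokenProvider, strict_tls_context and https_post, the 30-second refresh margin and the use of the standard OAuth 2.0 expires_in response field are assumptions.

```python
import base64, json, ssl, time
import urllib.parse, urllib.request

# Token endpoint taken from the page's curl example (integration environment).
TOKEN_URL = ("https://auth.integration.mesvaccins.net"
             "/realms/professional/protocol/openid-connect/token")

def strict_tls_context():
    """TLS context that checks trust chain, validity period and host name."""
    ctx = ssl.create_default_context()     # trusts the system CA store only
    ctx.check_hostname = True              # domain name matching
    ctx.verify_mode = ssl.CERT_REQUIRED    # trust chain and validity period
    return ctx

def https_post(url, headers, body):
    """Default transport: a failed certificate check raises before the request is sent."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, context=strict_tls_context(), timeout=10) as r:
        return json.load(r)

class TokenProvider:
    """Client credentials grant with in-memory caching (hypothetical helper)."""
    def __init__(self, client_id, client_secret, post=https_post, clock=time.monotonic):
        basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self._headers = {"Authorization": f"Basic {basic}",
                         "Content-Type": "application/x-www-form-urlencoded"}
        self._post, self._clock = post, clock
        self._token, self._expires_at = None, 0.0

    def access_token(self, margin=30):
        # Reuse the cached token until `margin` seconds before it expires (assumed margin).
        if self._token is None or self._clock() >= self._expires_at - margin:
            body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
            reply = self._post(TOKEN_URL, self._headers, body)
            token = reply.get("access_token")
            if not token or str(reply.get("token_type", "")).lower() != "bearer":
                raise ValueError("token endpoint did not return a bearer token")
            self._token = token
            self._expires_at = self._clock() + float(reply.get("expires_in", 0))
        return self._token

    def auth_header(self):
        """Header that each request to the SADV API must include."""
        return {"Authorization": f"Bearer {self.access_token()}"}
```

The post and clock parameters exist so the provider can be exercised offline; in production the defaults are used and the client secret is read from a secret store rather than from source code.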

Next Step

Apply the integration guidelines to structure the client interface and secure exchanges.