Access Tokens
An Access Token is a credential that can be used by an application to access an API. The access token informs the API that the bearer of the token has been authorised to access the API and perform specific actions specified by the scope that has been granted. Access Tokens can be either an opaque string or a JSON Web Token; access tokens issued by our authorisation server are always JSON Web Tokens (JWT).
Access tokens must be kept confidential in transit and in storage. The only parties that should ever see an access token are the application itself, the authorisation server, and the resource server. The application should ensure the storage of the access token is not accessible to other applications on the same device. The access token can only be used over an HTTPS connection, since passing it over a non-encrypted channel would make it trivial for third parties to intercept.
When an access token is used to call an API endpoint, it should be used as a Bearer credential and transmitted in an HTTP Authorization header to the API.
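The following Python sketch is an added example, not code from this page or its authorisation server: it attaches the token as a Bearer credential, refuses non-HTTPS URLs, and masks the credential before logging. It goes one step beyond the text by also refusing redirects that would carry the token to a different origin; the host `api.example.test`, the token value and all function and class names are assumptions.

```python
import urllib.request
from urllib.parse import urlsplit

# Constructed placeholder, not a real token.
SAMPLE_TOKEN = "header.payload.signature"


class InsecureTransportError(ValueError):
    """The bearer token would leave the HTTPS channel to the intended API."""


def _origin(url):
    p = urlsplit(url)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port or 443)


def build_api_request(url, access_token, method="GET"):
    """Return a Request carrying the token as a Bearer credential, HTTPS only."""
    scheme, host, _ = _origin(url)
    if scheme != "https" or not host:
        raise InsecureTransportError("refusing to send token over a non-HTTPS URL")
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("access token is empty or contains whitespace")
    req = urllib.request.Request(url, method=method)
    req.add_header("Authorization", f"Bearer {access_token}")
    return req


class PinnedOriginRedirects(urllib.request.HTTPRedirectHandler):
    """urllib copies Authorization onto redirected requests; fail closed
    if the redirect target is not the same HTTPS origin."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if _origin(newurl) != _origin(req.full_url):
            raise InsecureTransportError("redirect would carry the token to another origin")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def api_opener():
    """Opener to use for requests made with build_api_request()."""
    return urllib.request.build_opener(PinnedOriginRedirects)


def redact(headers):
    """Copy of headers that is safe to log: the credential is masked."""
    return {k: "Bearer <redacted>" if k.lower() == "authorization" else v
            for k, v in headers.items()}
```

Send requests with `api_opener().open(build_api_request(url, token))` and log only `redact(dict(req.header_items()))`.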
Requesting Access Tokens
Please click here to view details of our token endpoint