Guide

Authentication

Every non-public endpoint requires an authenticated caller. Send a bearer token issued by the identity provider (Keycloak / OIDC) on each request.

Bearer token

Attach the access token in the Authorization header:

Authorization: Bearer <access_token>
Tip. Obtain a token via the OAuth2 authorization-code flow (interactive apps) or client-credentials / direct-grant (service-to-service). The interactive reference has an Authorize control that stores your token for try-it-out calls.

Where the spec lives

The machine-readable contract is served at /swagger/v1/swagger.json.

built by dloizides.com