
Glossary – Orange Developer

This glossary lists all terms related to APIs and to the Orange Developer ecosystem. It will help you understand the key concepts needed to integrate and consume our APIs.

Access token

An access token allows a client application to access data managed by a resource server. This token is generated with the app's client_id and client_secret credentials, made available on Orange Developer, via an OAuth 2.0 authorization server, and is sent by the client application in the request (header part) to the resource server. This token is mandatory for API calls to access protected resources. For more information on how to generate and use this access token, refer to How to start – Orange Developer.

API

Application Programming Interface. An application can use this interface to interact with another application that provides a resource (such as datasets). An API can be:

  • live (supports traffic and accepts new subscriptions),
  • deprecated (supports traffic, but does not accept new subscriptions),
  • or retired (no longer supports either traffic or subscriptions).

API Calls

We may talk about “using an API” or “sending calls or requests using an API” interchangeably. This means that an application consumes the resources of an API. To know which requests an application can send to an API, the technical documentation (e.g. Getting started, Swagger-based API Reference) provides examples of requests/responses.

API Gateway

Core component of an API Management solution that is used to secure the access to API resources. Acts as a single point of access to route and process request & response messages sent/received by client applications to/from backend services exposed through API proxies.

Application ID

Unique developer application’s identifier in our exposition channel’s information system.

Authorization header

Used to get an access token. Its value is composed of the keyword "Basic", followed by a space and the base64 encoding of the concatenation of the client_id, ":" and the client_secret. It is then included in every API call with the Bearer token value to ensure you are allowed to access the API resources (Authorization: Bearer <access_token>).
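An added example (not from Orange Developer's documentation) of the header construction described above, in Python: it builds the Basic value, shows that the value decodes straight back to the credentials and so needs the same protection as the client secret, and redacts Authorization values before they reach a log. All function names and sample values are constructed for illustration.

```python
import base64
import re


def basic_authorization(client_id: str, client_secret: str) -> str:
    """Value for the token request: 'Basic ' + base64(client_id ':' client_secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header_value: str) -> tuple[str, str]:
    """Recover the credentials from a Basic value: base64 is an encoding, not encryption."""
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        raise ValueError("not a Basic authorization value")
    decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    # Split on the first ':' only, because the secret may itself contain ':'.
    client_id, sep, client_secret = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return client_id, client_secret


def bearer_authorization(access_token: str) -> str:
    """Value sent with every API call once the access token has been obtained."""
    return "Bearer " + access_token


# Matches an Authorization header line carrying either scheme.
_AUTH_RE = re.compile(r"(?im)^(authorization:\s*)(basic|bearer)\s+\S+")


def redact(text: str) -> str:
    """Keep the scheme but drop the credential before text is written to a log."""
    return _AUTH_RE.sub(lambda m: f"{m.group(1)}{m.group(2)} [REDACTED]", text)


if __name__ == "__main__":
    # Constructed sample credentials and token, not real values.
    value = basic_authorization("example-client-id", "s3cr3t:with-colon")
    print(value)
    print(decode_basic(value))
    print(redact("Authorization: " + bearer_authorization("example-access-token")))
```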

Client ID

Unique ID provided by our API Management solution to identify your application.

Client secret

Secret code provided to you by Orange Developer for a given app. It is known only to the application and the OAuth 2.0 authorization server. It is used in conjunction with the client ID to request an access token. It may also be used to sign the ID Token (according to OpenID Connect standard).

Consumer

API consumers are users who subscribe to the API and can manage their own subscriptions.

Documentation

Set of documents that help consumers integrate an Orange API. This set consists of:

  • at least an overview (describes the value proposition and key benefits of the API),
  • a Getting Started (provides all the information you need to start using the API),
  • an API reference guide (describes the whole set of resources and incoming/outgoing data structures (JSON format) in an offer),
  • optional documents such as an FAQ, T&Cs, logs, etc.

OAuth 2.0 protocol

Protocol for securing application access to protected resources, which are accessed through REST APIs. OAuth 2.0 relies on access tokens presented by client applications when requesting access to protected resources. There are 2 kinds of authentication:

  • OAuth 2-legged / OAuth 2-legs: standard to authorize (or reject) an application's access to API resources. It does not cover the end-user authentication. All resources need authorization. The OAuth v2 framework is used in order to authenticate all calls.
  • OAuth 3-legged / OAuth 3-legs: adds the end-user authentication and consent to the OAuth 2-legged standard.

Offer

Business model conditioning the API integration and consumption. API offers can be:

  • public: allows companies to publicly expose information and functionalities of one or various systems and applications to third parties that do not necessarily have a business relationship with them
  • private: to facilitate the integration of different applications and systems within a company
  • or open to some partners only: used to facilitate communication and integration of software between a company and its business partners. Such APIs are accessible only on an “invite only” basis to a limited set of third parties or software which communicates across the public Internet

OIDC

OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables the end-user's identity to be verified and their consent to be collected in order to access their personal data.

Owner

The API owners are responsible for managing subscriptions to the API. Only API owners can change the status of a subscription.

Refresh token

Special kind of token that can be used to obtain a new access token, after the previous one has expired, from an OAuth 2.0 authorization server.

Subscription

API subscriptions may have various statuses:

  1. Pending: The initial status of a subscription request. It is awaiting approval from the API owners.
  2. Approved: The subscription has been reviewed and accepted by the API owners.
  3. Revoked: The subscription has been canceled by the API owners.
  4. Removed: The subscription has been unsubscribed by the API consumer.