Je hebt Javascript nodig om deze website te kunnen gebruiken. Pas je browserinstellingen in om verder te gaan!
Directus

Authentication

Authenticate Directus requests safely with your static API token.

When we grant your project API access, you receive a static API token. Use it for every authenticated Directus request.

Do not expose a static API token in browser code, a public repository, or a URL that can be logged. Route client requests through your server when the token must stay private.

Send a Bearer token

Send your static token in the Authorization header. This is the recommended, most reliable, and most secure method. The Directus SDK does this automatically when configured with staticToken.

terminal
curl 'https://content.onderwijsloket.com/items/articles?limit=1' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'

Understand alternative methods

You can update your account with a password and use basic authentication to obtain a temporary access token. That token expires and must be refreshed, so we do not recommend it for ordinary API requests.

You can also supply the static token as an access_token query parameter. Use this only when headers are impossible: URLs are often stored in browser history, logs, analytics, and proxy records.

Rotate a static token

Rotate a token by updating the token property on your own user record. Use at least 32 cryptographically random bytes, encoded as Base64 URL or hexadecimal, to avoid collisions and brute-forceable values.

terminal
curl --request PATCH 'https://content.onderwijsloket.com/users/me' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --header 'Content-Type: application/json' \
  --data '{
    "token": "my-new-static-token"
  }'

Replace a lost token

We cannot retrieve an existing token value. Contact us for a replacement; issuing one rotates the lost token.

Keep in touch with the latest

Sign up for our monthly deep dives - straight to your inbox.