API Reference
A
Authentication

Entra ID (Azure AD) OAuth 2.0

All requests to the KSDL API Gateway must be authenticated using a Bearer token obtained from Microsoft Entra ID (formerly Azure Active Directory). Tokens are scoped to specific data providers and endpoints.

Step 1 — Register your application in Entra ID

Contact the KSDL governance team to register your consuming application. You will receive a Client ID and Client Secret, along with the specific OAuth scopes approved for your access request.

Step 2 — Obtain a token (Client Credentials flow)

POST https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id={your-client-id}
&client_secret={your-client-secret}
&scope=https://ksdl.kingspan.com/.default

Step 3 — Token response

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIs..."
}

Step 4 — Use the token in requests

GET https://api.ksdl.kingspan.com/erp/v2/materials
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIs...
X-Kingspan-Correlation-Id: 550e8400-e29b-41d4-a716-446655440000
Token Scopes

Tokens are scoped to the specific endpoints approved in your access request. Attempting to call an endpoint outside your approved scopes will return a 403 Forbidden response.