Access APIs

Introduction

The SPS Integration Developer Portal provides secure and controlled access to APIs across the Shared Platform ecosystem. All APIs are protected using OAuth2, and requests will only succeed when a valid access token is included in the Authorization header.

This guide explains how to discover APIs, request access, obtain credentials, and start testing.

How Access Works

Access to APIs in this portal is controlled through user permissions and OAuth2 credentials issued by the ICC Team.

APIs are visible based on your access permissions
A valid OAuth2 access token is required to invoke any API
Each team must obtain dedicated credentials for testing

⚠️ Access to API documentation does not automatically grant permission to invoke APIs.

1. Discover APIs

Browse the available APIs through the APIs section of the Developer Portal.

You will only see APIs you are authorised to access
API visibility varies depending on your role and permissions

2. Request Access

If you do not have access to a required API:

Contact the ICC Team at giointegrationcapabilitycentre@defra.gov.uk
Provide details of the API(s) you need and your intended use case
Ensure your access request has been reviewed and approved

3. Obtain OAuth2 Credentials (Required for Testing)

All APIs are secured using OAuth2 and require a valid token. To test APIs, you must obtain credentials from the ICC Team.

How to request credentials:

A unique Client ID for your team
Or test credentials for API access

What you will receive:

Client ID
(If applicable) Client Secret
Token endpoint details
Required scopes

4. Generate Access Token

Using the credentials provided, generate an OAuth2 access token. Most APIs use the Client Credentials flow.

Example token request:

POST /oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&
client_id=YOUR_CLIENT_ID&
client_secret=YOUR_CLIENT_SECRET&
scope=API_SCOPE

5. Call the APIs

Include the access token in your API request:

    Authorization:  Bearer <access_token>
  

Requests without a valid token will be rejected with a 403 authentication or authorization error.

Important Notes

OAuth2 authentication is mandatory for all APIs
Access is controlled via user permissions and approvals
Credentials must be obtained from the ICC Team before testing
Each team must use its own Client ID
Access and usage are subject to governance and security controls

Support

For API access, credential requests, or issues, please contact the ICC Team:

giointegrationcapabilitycentre@defra.gov.uk