1 Preface
Companies or subscribers possessing a valid, active, and approved eECD license have the capability to seamlessly integrate the digital eECD process into their applications. This is achieved through an extensible XML interface, facilitating access to the eECD API (Application Programming Interface). It's important to highlight that in instances where a third-party IT vendor application is tasked with integration, the vendor must also subscribe to the eECD platform. Only upon subscription can the vendor obtain authorized access to the eECD APIs.
To begin, your company must be a registered entity on the NxtPort International datasharing platform. This involves the registration of both a user and your company. The user initially registering will assume the default administrator role for the company. Subsequently, this administrator can delegate the role of company admin to another registered user within the same company. It's important to note that any tasks requiring user actions must be undertaken by an individual with company admin privileges.
More information to register a user and your company can be found on our Helpcenter pages.
- For Staging environment
- For Production environment
For onboarding to the Nxtport platform and the eECD use-case General Terms and Conditions as well as specific eECD specific Terms and conditions need to be accepted.
The eECD API’s described in this guide are available to Subscribers using the digital eECD Process running on the NxtPort platform, which is co-managed and governed by ECLIC. If you would need assistance to obtain an eECD licence please check www.eclic.eu or contact info@eclic.eu.
2 Types of usage/integration of the eECD platform
3 Practical eECD API information
The eECD API documentation is based on an OpenAPI specification also called "swagger". An up to date version of the eECD API, its methods, and a more detailed description of the eECD API can found at the following address:
- For Staging environment
- For Production environment
3.1 eECD account registration
Before any chemical, cleaning, transport or tank storage company can obtain access to the eECD API’s, a valid and approved eECD subscription order form is required which allows the set up of an eECD admin account. Approval of the form is given by ECLIC and the form is available on www.eclic.eu.
In case an IT software vendor wants to integrate the eECD API’s and wants to offer the digital eECD process as an integrated software solution to its customers, the IT vendor need to first complete the eECD IT vendor subscription form. The eECD IT vendor subscription form can be requested via info@eclic.eu, who will also validate and approve each IT vendor subscription request.
Once you have obtained an approved eECD subscription form, you can register yourself with an account to the NxtPort platform via https://myportal.nxtport-international.com/. (Detailed step-by-step registration process for both the Staging and Production environment is provided in section 1: “Preface”.)
Once the registration is complete and you want to obtain access to the eECD API’s, please create a support ticket via e-mail (support@nxtport-international.com) or via our support helpdesk on Zendesk to request the necessary Credentials (see illustration in paragraph 2). The support team will help with the different environments and setting up the client ids for the eECD API.
The NxtPort platform offers two different endpoints: eECD staging and eECD production environment.
- eECD Staging: https://api-stg.nxtport-international.com/eclic/eecdproxy/v1 This is the general eECD test environment, which can be used to design, develop and test the digital eECD process within an eECD application integrated environment. New features will be developed and tested here, before being moved to production.
- eECD Production: https://api.nxtport-international.com/eclic/eecdproxy/v1 This environment is used for daily operations.
3.2 Authentication
In order to use the eECD API’s, you need to setup Oauth2 authentication. When you have received the necessary keys from NxtPort, you will be able to setup a connection with the following parameters:
For eECD Production
- ClientId: {created during the support request}
- ClientSecret: {created during the support request}
- Scope: {created during the support request}/.default
- grant_type: client_credentials
- LoginDomain: https://nxtinteuprd.b2clogin.com/nxtinteustg.onmicrosoft.com/b2c_1_signuporsignin/oauth2/v2.0/token
- OcpApimSubscriptionKey: self service via NxtPort International MyPortal
- APIBaseUrl: https://api.nxtport-international.com/eclic/eecdproxy/v1
For eECD Staging
- ClientId: {created during the support request}
- ClientSecret: {created during the support request}
- Scope: {created during the support request}/.default
- grant_type: client_credentials
- LoginDomain: https://login.microsoftonline.com/ 9aceb5ea-6f19-48ab-b850-54e343e2ccd7/ oauth2/v2.0/token
- OcpApimSubscriptionKey: self service via NxtPort International MyPortal
- APIBaseUrl: https://api-stg.nxtport-international.com/eclic/eecdproxy/v1
Postman Scripts – eECD Staging / eECD Production
For assistance in setting up your API calls, kindly reach out to our support desk to acquire the Postman collection tailored to facilitate the process.
With this Postman collection, you can request an OAuth access token, valid for a period of 1 hour, via https://{tenantId}.b2clogin.com/{tenantId}.onmicrosoft.com/b2c_1_signuporsignin/oauth2/v2.0/token. This token is required to make successful API calls.
Some more background: The Client_id and ClientSecret are meant to identify the developer of the software. This could be a 3th party or the internal IT organization if you make developments in-house. So keep above client_id and client_secret internal to your organization. When an external software provider develops an integration for an eECD licenced company, This 3rd party software provider will need to ask a client_id and client_secret to NxtPort after completing and obtaining an approved the IT vendor registration form from ECLIC (See Preface above). The Subscription key is the combination of the specific API and operational organization. This is available in the NxtPort International console and needs to be provided by the organization that has the active license from Eclic. A 3rd party software provider does not have a subscription key, but uses the one provided by his customer.
These 3 keys are all necessary in the body (no parameters in header) of a ‘post’ call to the
authentication server to generate an OAuth token (valid 1h). This token can then be used to make the API calls.
3.3 Authorization
Access to specific calls within the eECD API is contingent upon the user roles assigned to each company. Certain API calls are restricted based on the authorization roles associated with each user. For a comprehensive understanding of license details, authorization roles, and available API calls, please consult the Swagger description
3.4 Create an API call
In order to call a web API:
- include the API key of the eECD licenced company in your call: You can put the API subscription key either in the header as the Ocp-Apim-Subscription-Key parameter, or in the query string as the subscription-key parameter. This API key is found in the NxtPort International console.
- include a token in your call using a header parameter with name “Authorization" and value “Bearer {TOKEN}”. Replace {TOKEN} with the token that you received in your call to get the token and remove the quotes, present here just to indicate the extent of the content. The authorization token is created using the client key of the application builder. Refer to the diagram in Paragraph 2 for more details.
4 Other Interesting API Pre-readings
4.1 API Basic information & definitions
- API REST architecture (https://restfulapi.net)
- OAuth 2.0 authentication protocol (https://oauth.net)
- JSON API standards for handling requests (https://jsonapi.org)
4.2 Other eECD API information & documentation
eECD business analysis and workflow document
- eECD API -integration guide for cleaning
- eECD API authorizations per Licence & User Roles