Migration from v1 to v2

Example application

We have modified our original example application to work with our new API. Download modified original example application.

Why did we migrate?

The migration to API v2 was necessary to improve the security of our transmission. We have made changes to our authentication method. The new authentication method follows the client credential flow of the OAuth 2.0 specification, which is more secure than the previous version. By migrating to API v2, we have ensured that our transmission is more secure and less vulnerable to attacks.

What have we changed?

New Token API

Changes have been made to the /authentication endpoint. Here are the key changes.

The token endpoint is now separated from Roster APIs and hosted on a different Identity server. The base address of the server is https://identity-eu.frmsc.com. See the Token section of our API Reference for more information.
You must URL encode the client secret. You can use urlencoder.org to URL encode the client secret.
You must pass Authorization header starting with the word Basic followed by a space and a base64 encoded string of <Your_ClientID>:<Your_URL_Encoded_ClientSecret>. See below for the format and the example.
Manually encoding?

Use base64encode.org to encode or decode the string of <Your_ClientID>:<Your_URL_Encoded_ClientSecret>.
Before encodingAfter encodingExample of Authorization header value
5471E010-DDEE-4C98-FF8F-08DB2245E373:7rg6Gt+hUiobtXI9Jb37z2vtrhw1CEgDkwFZcMbN5Yc=
NTQ3MUUwMTAtRERFRS00Qzk4LUZGOEYtMDhEQjIyNDVFMzczOjdyZzZHdCtoVWlvYnRYSTlKYjM3ejJ2dHJodzFDRWdEa3dGWmNNYk41WWM9
Basic NTQ3MUUwMTAtRERFRS00Qzk4LUZGOEYtMDhEQjIyNDVFMzczOjdyZzZHdCtoVWlvYnRYSTlKYjM3ejJ2dHJodzFDRWdEa3dGWmNNYk41WWM9
The body must have two fields:
- grant_type whose value must be client_credentials
- scope whose value must be frmsc_safe_upload_api
The content-type for the body must be x-www-form-urlencoded

Example request for token

Example cURL requestExample response

curl --location 'https://identity-eu.frmsc.com/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic NTQ3MUUwMTAtRERFRS00Qzk4LUZGOEYtMDhEQjIyNDVFMzczOjdyZzZHdCtoVWlvYnRYSTlKYjM3ejJ2dHJodzFDRWdEa3dGWmNNYk41WWM9' \

-d grant_type=client_credentials&scope=frmsc_safe_upload_api

eyJhbGciOiJSUzI1NiIsImtpZCI6IjBFNUMxNEU4OEIzRjFFMEFCNDlGNUIzMkU5NzNDMDQ0NkY0MjJDRURSUzI1NiIsInR5cCI6ImE0K2p3dCIsIng1dCI6IkRsd1U2SXNfSGdxMG4xc3k2WFBBUkc5Q0xPMCJ9.eyJuYmYiOjE3MDQ4NTQwNjksImV4cCI6MTcwNDg1NzY2OSwiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eS1ldS5mcm1zYy5jb20iLCJhdWQiOiJmcm1zY19zYWZlX3VwbG9hZF9hcGkiLCJjbGllbnRfaWQiOiI1NDcxRTAxMC1EREVFLTRDOTgtRkY4Ri0wOERCMjI0NUUzNzIiLCJqdGkiOiIxN0ZBMjlDMEFFMkJDMTQ5QjJGQjAwNkFCQjYwNDU5RSIsImlhdCI6MTcwNDg1NDA2OSwic2NvcGUiOlsiZnJtc2Nfc2FmZV91cGxvYWRfYXBpIl19.X-OWtCzTNML0O5RwcoPOOBPx33lQEXvPy4LvauhVpzYto4XfKFTT19HtHGZByCeyexckq0VtIwNukRrBOdyQuqjSKzVDpVHLoUBj6C5VIheQC8qCHZYEyZhzum5d0qmlUejYbaXeja4_lBRLLp1pzQO6ERAYYyLkSa-L-bhtNl3EyabNf3PyiKJAfySc5R7z4yN32IGxLCeTcf8_fimASrRZNUz52ozRQiKbibYtC38yWNLpbjnNvg7u4aWQ7x41FyHKfPC7D9P7_4SBc3uqciLrYyYUoBHpdOF7OwvGXdC2sR9vhe2dAYGGKNTNH0OJQ1xFrXhripkItVEabhN_ag

SAFE Application API

We have not made any major changes to the /UploadRoster endpoint payload. However, we have changed the base address of the Upload server to https://web-eu.frmsc.com.

Moreover, to use the SAFE Application API endpoints, you must pass the response you received from calling the identity server in the Authorization header.

You must pass Authorization header starting with the word Bearer followed by a space and token string. See below for format and example. If you are following the OAuth2.0 flow, the platform you are using should automatically do all these steps for you.

Syntax of Authorization header valueExample of Authorization header value

  Bearer <token_string>

  Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjBFNUMxNEU4OEIzRjFFMEFCNDlGNUIzMkU5NzNDMDQ0NkY0MjJDRURSUzI1NiIsInR5cCI6ImE0K2p3dCIsIng1dCI6IkRsd1U2SXNfSGdxMG4xc3k2WFBBUkc5Q0xPMCJ9.eyJuYmYiOjE3MDQ4NTQwNjksImV4cCI6MTcwNDg1NzY2OSwiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eS1ldS5mcm1zYy5jb20iLCJhdWQiOiJmcm1zY19zYWZlX3VwbG9hZF9hcGkiLCJjbGllbnRfaWQiOiI1NDcxRTAxMC1EREVFLTRDOTgtRkY4Ri0wOERCMjI0NUUzNzIiLCJqdGkiOiIxN0ZBMjlDMEFFMkJDMTQ5QjJGQjAwNkFCQjYwNDU5RSIsImlhdCI6MTcwNDg1NDA2OSwic2NvcGUiOlsiZnJtc2Nfc2FmZV91cGxvYWRfYXBpIl19.X-OWtCzTNML0O5RwcoPOOBPx33lQEXvPy4LvauhVpzYto4XfKFTT19HtHGZByCeyexckq0VtIwNukRrBOdyQuqjSKzVDpVHLoUBj6C5VIheQC8qCHZYEyZhzum5d0qmlUejYbaXeja4_lBRLLp1pzQO6ERAYYyLkSa-L-bhtNl3EyabNf3PyiKJAfySc5R7z4yN32IGxLCeTcf8_fimASrRZNUz52ozRQiKbibYtC38yWNLpbjnNvg7u4aWQ7x41FyHKfPC7D9P7_4SBc3uqciLrYyYUoBHpdOF7OwvGXdC2sR9vhe2dAYGGKNTNH0OJQ1xFrXhripkItVEabhN_ag