NIH | National Cancer Institute | NCI Wiki  

Error rendering macro 'rw-search'

null

Versions Compared

Old Version 21

changes.mady.by.user Freund, Jeremy (NIH/NCI) [C]

Saved on

compared with

New Version 22

changes.mady.by.user Freund, Jeremy (NIH/NCI) [C]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NCI uses Okta for authentication and authorization services for the CTRP applications and APIs. This page describes the tasks required to obtain the proper authorization to use the NCI CTRP API. For any questions or support contact CTRP_support@nih.gov.

...

All users are required to have a valid Okta CTRP user account to access CTRP applications (CTRP Registration and CTRP Accrual) and use the CTRP API. For instructions on requesting a an Okta CTRP account, refer to the following: Creating New NCI CTRP User Accounts.

2. Obtain

...

Okta Client ID and Client Secret

Once your NCI Okta CTRP user account has been created, contact CTRP_support@nih.gov to request access authorization to use the CTRP APIs. CTRP Support will review the request and, if approved, will generate a Client ID and Client Secret for associated with your account and provide these key values to you. The Client ID and Client secret are required parameters to generate an Okta Authentication Tokenaccess token

3. Generate Okta access token

All service endpoints require Okta access token authentication. To generate an Okta access token, a request must be made to the environment service endpoint using a valid Client ID and Client Secret. See below for additional details on how to construct the access token request.

...

Info

The access token will expire 12 hours after being generated (43,200 seconds).   <Please verify>

4. Call REST Service with Bearer Authentication

Once the access token has been generated, it will need to be included in the 'Authorization: Bearer' parameter when submitting API requests. The following example uses the accrual-services URL in the Int environment and lists the required header and parameters values.

...

The Client ID and Client Secret need to be updated on a yearly basis. Contact the CTRP Support to obtain a new Client ID / Client Secret combination.

Error Codes for the Okta API

...

Error

...

Code

...

Message

...

Invalid Client Id

...

401

{

    "errorCode": "invalid_client",

...

.

...

    "errorLink": "invalid_client",

    "errorId": "oaejDJuWCiRTQeH8n6WG2116A",

    "errorCauses": []

}

...

Invalid Client Secret

...

401

...

{

    "error": "invalid_client",

    "error_description": "The client secret supplied for a confidential client is invalid."

}

...

Invalid User Credentials / Account Locked*

...

400

{

    "error": "invalid_grant",

    "error_description": "The credentials provided were invalid."

...

CTRP REST services

See the following for additional details on the various CTRP web services: 

...