Authentication
For authentication, the Wingfield Partner API expects an API token to be included in the Authorization header of each request, formatted as follows:
```
Authorization: Bearer <your-api-token>
# Example:
# Authorization: Bearer tok_ext_v1_tH1siSac0mPLet3LY.r4Nd0mLo0k1nGwiNgFIeLdPaRtNerT0keN
```
Obtaining an API token
API tokens can be obtained by contacting our support team. Each token is associated with a specific partner account and should be kept secure. If you believe your API token has been compromised, please contact us immediately to have it revoked and a new token issued.
Authorization
The Partner API uses two layers of authorization:
- API Token Permissions: determine which endpoints a partner can access.
- Resource Relations: determine which specific users or organizations the partner is allowed to interact with.
Both requirements must be satisfied when accessing protected resources.
Token Scopes and Permissions
API tokens have specific scopes and permissions that restrict access to certain endpoints.
Possible scopes are user, organization, and court-booking with the following permissions:
| Permission | Description |
|---|---|
| none | No access to API endpoints in that scope. |
| read | Allows read-only access to API endpoints in that scope. |
| write | Allows access to API endpoints that read and modify data in that scope. |
So if an endpoint requires user:read permission, the API token must have read or write permission for the user scope to access that endpoint.
If no scope is specified for an endpoint, no permissions are required for it.
Resource Relations
In addition to token permissions, some operations require the partner to be explicitly associated with the relevant resource. Currently, partners can establish relations with Users and Organizations. These relations are created through different flows:
User Relation
To associate with a user, the partner must first create a relation request via requestUserRelation.
The user must then approve this request before the association becomes active.
Trying to perform actions on a user without an active relation will result in a 403 user_access_denied error.
Organization Relation
To associate with an organization, the process is initiated by an organization administrator.
The admin generates a Connect Token in the Wingfield Webapp and provides it to the partner. The partner can then use this token to establish the association via claimOrganizationRelation.
Trying to perform actions on an organization without an active relation will result in a 403 organization_access_denied error.
Once an association is established, the partner can access or manage the corresponding resources, provided the API token has the required scope and permissions.
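The following is an added example, not code from the Wingfield API or its documentation, that models both authorization layers described above: the scope/permission ordering from the Token Scopes and Permissions section (a `write` permission satisfies a `read` requirement, and an endpoint without a scope needs no permission) and the relation flows from the Resource Relations section (a user relation is pending until the user approves it; an organization relation is claimed with a single-use Connect Token). The `RelationStore` class, its method names, the `partner_id`/`user_id`/`org_id` values, the connect token `ct_sample_123` and the `permission_denied` error code are all assumptions constructed for illustration; only `user_access_denied` and `organization_access_denied` come from the documentation.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Permission levels within a scope, ordered from least to most privilege.
# A "write" permission also satisfies an endpoint that only needs "read".
PERMISSION_RANK = {"none": 0, "read": 1, "write": 2}
SCOPES = {"user", "organization", "court-booking"}


@dataclass
class ApiToken:
    partner_id: str
    # scope -> permission, e.g. {"user": "read"}; a missing scope means "none"
    permissions: dict = field(default_factory=dict)

    def permission_for(self, scope: str) -> str:
        return self.permissions.get(scope, "none")


@dataclass
class RelationStore:
    """Hypothetical in-memory relation state (not the real backend)."""
    pending_user: set = field(default_factory=set)   # (partner_id, user_id)
    active_user: set = field(default_factory=set)    # approved by the user
    active_org: set = field(default_factory=set)     # (partner_id, org_id)
    # Connect Tokens issued by an org admin, consumed once when claimed
    connect_tokens: dict = field(default_factory=dict)  # token -> org_id

    def request_user_relation(self, partner_id: str, user_id: str) -> None:
        # Mirrors requestUserRelation: the relation is only pending at this point.
        self.pending_user.add((partner_id, user_id))

    def approve_user_relation(self, partner_id: str, user_id: str) -> bool:
        # Only the user's approval turns a pending request into an active relation.
        if (partner_id, user_id) not in self.pending_user:
            return False
        self.pending_user.discard((partner_id, user_id))
        self.active_user.add((partner_id, user_id))
        return True

    def claim_organization_relation(self, partner_id: str, connect_token: str) -> bool:
        # Mirrors claimOrganizationRelation: a valid Connect Token is consumed
        # once and activates the relation for the claiming partner.
        org_id = self.connect_tokens.pop(connect_token, None)
        if org_id is None:
            return False
        self.active_org.add((partner_id, org_id))
        return True


def has_permission(token: ApiToken, required: Optional[str]) -> bool:
    """required is 'scope:permission' such as 'user:read', or None when the
    endpoint declares no scope (then no permission is needed)."""
    if required is None:
        return True
    scope, level = required.split(":", 1)
    if scope not in SCOPES or level not in PERMISSION_RANK:
        raise ValueError(f"unknown requirement {required!r}")
    return PERMISSION_RANK[token.permission_for(scope)] >= PERMISSION_RANK[level]


def authorize(token: ApiToken, store: RelationStore, required: Optional[str],
              user_id: Optional[str] = None,
              org_id: Optional[str] = None) -> Tuple[int, Optional[str]]:
    """Evaluate both layers; return (HTTP status, error code or None)."""
    if not has_permission(token, required):
        # The docs do not name the error for a missing permission; this code is assumed.
        return 403, "permission_denied"
    if user_id is not None and (token.partner_id, user_id) not in store.active_user:
        return 403, "user_access_denied"
    if org_id is not None and (token.partner_id, org_id) not in store.active_org:
        return 403, "organization_access_denied"
    return 200, None


def demo() -> list:
    """Walk through both relation flows with constructed sample data."""
    token = ApiToken("partner_a", {"user": "read", "organization": "write"})
    store = RelationStore(connect_tokens={"ct_sample_123": "org_42"})
    results = []
    # User relation: denied while the request is pending, allowed once approved.
    store.request_user_relation("partner_a", "user_7")
    results.append(authorize(token, store, "user:read", user_id="user_7"))
    store.approve_user_relation("partner_a", "user_7")
    results.append(authorize(token, store, "user:read", user_id="user_7"))
    # A read-only user scope cannot reach an endpoint that needs user:write.
    results.append(authorize(token, store, "user:write", user_id="user_7"))
    # Organization relation via Connect Token; a second claim of the same token fails.
    results.append(authorize(token, store, "organization:read", org_id="org_42"))
    store.claim_organization_relation("partner_a", "ct_sample_123")
    results.append(authorize(token, store, "organization:read", org_id="org_42"))
    results.append(store.claim_organization_relation("partner_b", "ct_sample_123"))
    return results


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The permission check runs before the relation check so that a caller with an under-privileged token learns nothing about which users or organizations the partner is related to; the order is a design choice of this example, since the documentation only states that both requirements must be satisfied.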