
Register for an API access key

If the standard daily limit for data retrieval is insufficient, consider using authorised access. This page describes how to obtain and use an access key.

Authenticated HTTP requests

This API uses the OAuth 2.0 protocol with token-based authentication, in which an access key is used to generate an access token.

The authorisation process is performed in two steps:

  1. Authenticate the client application with the API authentication service's token endpoint, using the access key credentials to obtain an access token.
  2. Use the access token to authorise data retrieval from SEPA's Timeseries API.

Access tokens are sent as header information with each request. Tokens are valid for 24 hours and, once expired, can be refreshed by repeating the access key authentication.

To request an API access key, please email hydrometry-requests@sepa.org.uk with the subject "API Key Request".

Schematic of Unauthorised data retrieval
Schematic of Authorised data retrieval

Generate an access token from an access key

The access key is exchanged for an access token at the oidcServer token endpoint:

The API access key provided by SEPA is a Base64-encoded client id (user name) and secret (password).


Retrieve an access token using curl

curl is a cross-platform command-line tool for making internet data requests, common to both Windows and *nix platforms (wget is an alternative tool).

To retrieve an access token using a Base64-encoded access key (B64KEY), curl is given the -X, -H, and -d arguments before the target URL, with:

  • the request method (-X argument): POST
  • the header string (-H argument): "Authorization: Basic B64KEY"
  • the body data string (-d argument): "grant_type=client_credentials", which specifies the OAuth 2.0 grant type used for the authorisation request
  • the target, the oidcServer token endpoint: https://timeseries.sepa.org.uk/KiWebPortal/rest/auth/oidcServer/token

The response is a JSON string of three key:value pairs, similar to:

The value of the access_token key, i.e. the long string of letters and numbers "eyJh ... ... mnG0", is used in subsequent API requests.

The token type is always "Bearer" and the expires_in value is the token lifetime in seconds. 

In order to perform a request against SEPA's Timeseries API, the access token has to be provided as a bearer token in the authorization header.

Authorised Access using Python

Python code example using requests.post() and requests.get() methods:
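
An added example of the two-step flow above (not SEPA's own listing), using requests.post() and requests.get(). It assumes the key decodes to client_id:secret as in HTTP Basic authentication, reads it from a hypothetical SEPA_B64KEY environment variable rather than the source file, and takes the Timeseries API URL as a caller-supplied parameter because that URL is not given on this page.

```python
import base64
import binascii
import os
import time

TOKEN_URL = "https://timeseries.sepa.org.uk/KiWebPortal/rest/auth/oidcServer/token"

def check_access_key(b64key):
    """Confirm the key decodes to 'client_id:secret' (assumed HTTP Basic layout)."""
    try:
        decoded = base64.b64decode(b64key.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("access key is not valid Base64 text") from exc
    client_id, sep, secret = decoded.partition(":")
    if not (client_id and sep and secret):
        raise ValueError("access key does not decode to client_id:secret")
    return client_id  # the secret is deliberately not returned

def token_request(b64key):
    """Header and body for the token POST, matching the curl arguments."""
    check_access_key(b64key)
    return ({"Authorization": "Basic " + b64key.strip()},
            {"grant_type": "client_credentials"})

def parse_token_response(payload, now):
    """Return (token, expiry_epoch) from the token endpoint's JSON."""
    if payload.get("token_type", "").lower() != "bearer" or not payload.get("access_token"):
        raise ValueError("unexpected token response")
    # Renew 60 s early so a request never goes out with a token about to lapse.
    return payload["access_token"], now + int(payload["expires_in"]) - 60

def bearer_headers(token, expiry, now):
    """Authorization header for a data request; refuses an expired token."""
    if now >= expiry:
        raise RuntimeError("access token expired; repeat the access key authentication")
    return {"Authorization": "Bearer " + token}

def fetch(data_url, params):
    """Live call: token POST, then an authorised GET against data_url."""
    import requests  # third-party; imported here so the helpers above run without it
    headers, body = token_request(os.environ["SEPA_B64KEY"])  # hypothetical variable name
    resp = requests.post(TOKEN_URL, headers=headers, data=body, timeout=30)
    resp.raise_for_status()
    token, expiry = parse_token_response(resp.json(), time.time())
    reply = requests.get(data_url, params=params,
                         headers=bearer_headers(token, expiry, time.time()), timeout=30)
    reply.raise_for_status()
    return reply
```

For repeated requests, keep the token and expiry returned by parse_token_response() and call the token endpoint again only when bearer_headers() reports the token has expired.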

Authorised Access using Postman

Postman is a desktop or browser-based application that makes it much easier to make manual data requests using access tokens. To use Postman, the Base64 key must be decoded.

Decode using, e.g. https://www.base64decode.org/

Decode from Base64 example
Postman Authentication example