Authentication

WoAG Occupation Coding Service User Guide

Authentication information and instructions.

Cite
Released
30/06/2025

An authentication token is required to use the Coding Service. This is a unique, time-limited access key which is used to authenticate all API calls to the service.

Get an authentication token

To get an authentication token, you must first call the service’s authentication endpoint with an authorisation header. More details are available in the AWS documentation, but the key input parameters are described below.

Request syntax

POST /oauth2/token HTTP/1.1
Host: string 
Content-Type: application/x-www-form-urlencoded
Authorisation: string

{
    grant_type: "client_credentials"
}

Request header parameters

Host
     The host name for your chosen API. This will be either https://partner-coder.auth.abs.gov.au or https://public-coder.auth.abs.gov.au depending on whether you have registered for the partner or the public coding service.

Authorisation
     Basic authorisation method with a base64 authorisation token (encodedAuthString), computed from the client ID and client secret provided upon registration. 
     encodedAuthString can be computed via the bash command:
     $ echo -n "${clientID}:${clientSecret}" | base64
     Type: String

Response syntax

HTTP/1.1 200 OK
Content-Type: application/json
{
     access_token: "string"
}

Response elements

access_token
     Your unique access token which can be used to authenticate all API calls to the coding service.
     Type: String

Examples

On registering for the coding service, this user was issued with the following:

  • ClientID: “client1”
  • ClientSecret: “secret123”

encodedAuthString should be the base64 encoding of “client1:secret123” and the entire request is as follows:

Sample Request

POST /oauth2/token HTTP/1.1
Host: https://partner-coder.auth.abs.gov.au
Content-Type: application/x-www-form-urlencoded
Authorisation: Basic Y2xpZW50MTpzZWNyZXQxMjM=

{
    grant_type: "client_credentials"
}

Sample Response

HTTP/1.1 200 OK
Content-Type: application/json

{
    access_token: "example token"
}

Use an authentication token

To authenticate against the coding API service, you will need to include your access token in the header of any API calls.

  • Your token will last one hour from the time of issue, after which you will need to request a new token.
  • You do not need to request a new token for each API call.


The API calls are of a short duration, usually less than a few seconds. When initiated, each call will check the authentication and then continue with the rest of the call. If the call was approved at the start, it will return a response if the timer runs out. 

Asynchronous batch calls may take longer to return results, and you may have to re-authorise to receive the results.

Request header parameters

Authorisation

     The authorisation token retrieved via the Authentication mechanism.
     Type: String

Host

     The host name for your chosen API. This will be either https://partner-coder.api.abs.gov.au or https://public-coder.api.abs.gov.au depending on whether you have registered for the partner or the public coding service.
     Type: String