Gateway Migration

We changed our API gateway in june 2025. If you have been using our APIs before this date, then there are a couple of updates that you will need to do.

What Have Changed

• We have made authentication consistent across all our APIs, which means that all of our APIs are interoperable. We have made the same authentication method and flow, which makes it easy for you to call all our APIs
• We are using OAuth2 Client Credentials Grant Flow with no scopes and form body post method when querying for a token.

What You Need To Do

Update URLs to APIs

Before

• API Url https://api.schibsted.com/prisjakt/<api-name>
• Token URLs (could differ per API)
  • Business Center API
    • https://api.schibsted.com/prisjakt/b2b-auth
    • OR https://api.schibsted.com/prisjakt/business/auth
  • Partner Search API
    • https://api.schibsted.com/prisjakt/partner-search/token
  • Insights V2 API
    • https://api.schibsted.com/prisjakt/insights-v2/auth

After

• API Url https://api.pj.nu/<api-name>
• Token Url (same for all APIs): https://auth.pj.nu/oauth2/token

In some cases, the request flow changed

Before

• Authentication and headers could vary per API
• Clients called APIs directly with client_id and client_secret in headers

After

1. Request token from token endpoint
   • https://auth.pj.nu/oauth2/token
   • Do NOT send any audience parameter
2. Use token in calls to API
   • Use same token until it expires, then refresh it
   • Send token as header Authorization: Bearer <token>
3. Do NOT send any extra headers such as client_id or x-api-key when calling the API. The authorization header with bearer token is enough.