Here’s how to get started
This Developer Portal offers access to a range of APIs that are available across the Victorian Government.
The following steps will get you started:
1. Register for access
2. Sign in and view the APIs
3. Request access to APIs
4. Create an authentication key
5. Make some API calls.
Fill in the user registration form.
Your registration request will go to the approver's team for review.
You’ll be notified via email when your request is approved.
2. Sign in
Once your access has been approved, sign in to the developer portal.
By default your user account is part of an organisation called Community. This gives you access to a range of APIs published by government agencies for open use.
Check the API Catalogue page for a list of available APIs. The list is constantly growing, so check back frequently.
Some organisations don’t publish their APIs to the Community organisation. This may be because they are for internal use only or may contain sensitive content.
3. Request Access to APIs
When you’ve found an API you want to use, you need to create an API access request.
Approved access to an API will provide you with the following information about the API:
- API name and description
- owner details
- authentication method (via API key or OAuth)
- rate limits
- monitoring and API call logging.
To create an API access request:
- Register an account on the Developer Portal.
- Log into your Developer Portal account and select "My API Requests" from the dropdown at the top right of the page.
- Click "Create API Access Request".
- Use the check boxes to select the APIs you want to request access to. Click Submit Request.
Your request may require approval from the API Owner, although in most cases API access requests are automatically approved on submission.
You will receive email confirmation when your access is approved.
4. Create authentication key(s)
Once your access is approved, you need to generate an authentication key to access each API.
The API catalogue shows the type of authentication required. It also provides code generators to help you get started.
In general there are two supported types of authentication:
- OAuth 2.0
- API Key
- Basic Auth (API Key + Secret)
OAuth 2.0 is our preferred authentication method. This allows users to generate a temporary token that provides access to specific API functions for a short period of time.
OAuth 2.0 allows:
- developers to easily generate and use tokens
- API owners to prevent unnecessary access
- Visit the OAuth 2.0 website for more information about OAuth 2.
Some APIs are authorised simply by including an API key in the header or URL of the request.
During the early stages of API development some organisations can publish APIs with only API key authentication.
Basic Authentication (API Key + Secret)
Some APIs will require the use of a Secret Key as well as the API key for authentication. The secret key is generated at the same time as the API Key and is available in the Developer Portal.
The API Key and Secret Key are then combined and encoded using a Base64 algorithm to authenticate the request.
Combined (with a colon): fca66b3c-e19d-4cca-952a-23d2e4d96a8f:0b9e0ed1-5981-4aa6-8fca-58bc5783e368
Encoded in Base64: ZmNhNjZiM2MtZTE5ZC00Y2NhLTk1MmEtMjNkMmU0ZDk2YThmOjBiOWUwZWQxLTU5ODEtNGFhNi04ZmNhLTU4YmM1NzgzZTM2OA==
This can then be used in the Authentication header of the request.
5. Make some API calls
Once you’ve created your authentication key you can now test calls to the API.
The goal is to get familiar with the API to understand:
- the methods you can access
- the parameters you’re required to send
- the fields that will be sent back in the response.
You can then download the Swagger 2.0 definition for each API or write your own custom code to access the API using your own API access request.