Authentication

To use Athena, you must provide a valid JWT (JSON Web Token) as a bearer token in the Authorization header of your request.

To obtain a valid JWT, you must authenticate against our API platform, Heimdall. For detailed instructions on obtaining API keys or registering your own application, please visit heimdall.bouw7.nl.

Including the Authorization Header

Every endpoint in Athena requires an Authorization header containing a Bearer token.

For example:

Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJ0eXBlIjoid…

If you are using Postman or a similar REST client, select "Bearer authorization" for your request and enter the JWT obtained from Heimdall after successful authentication in the "Token" field.
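The following is an added example, not code from Athena or Heimdall: a client-side pre-flight check that builds the Authorization header only from a well-formed, unexpired token and gives a log-safe form of it. It assumes tokens use the RS256 alg seen in the sample header above and carry the standard exp claim; the function names and sample_token are hypothetical, and the signature is not verified here.

```python
import base64
import json
import time


def decode_segment(segment):
    """Decode one base64url JWT segment (padding restored) into a JSON object."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWT segment is not a JSON object")
    return obj


def bearer_headers(token, now=None, leeway=30, expected_alg="RS256"):
    """Return the Authorization header for an Athena request, or raise ValueError.

    Client-side sanity check only: the signature is not verified here.
    """
    token = token.strip()
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    header, claims = decode_segment(parts[0]), decode_segment(parts[1])
    # Assumption: tokens use the alg visible in the page's sample token header.
    if header.get("alg") != expected_alg:
        raise ValueError("unexpected alg in JWT header")
    # Assumption: Heimdall sets the standard `exp` claim (seconds since epoch).
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if isinstance(exp, (int, float)) and exp <= now + leeway:
        raise ValueError("token expired or expiring; re-authenticate against Heimdall")
    return {"Authorization": "Bearer " + token}


def redact(token):
    """Log-safe form of a token: keep the header segment, drop payload and signature."""
    return token.split(".")[0] + ".<redacted>"


def sample_token(exp):
    """Constructed, unsigned token for the demo; not a real Heimdall token."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc({"exp": exp}), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    tok = sample_token(exp=int(time.time()) + 3600)
    print(list(bearer_headers(tok)), redact(tok))
```

Pass the returned dictionary as the headers of your HTTP request, and write only the redact() form to logs.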

Data Scoping

Requests are validated against your role in the organization. The result set may vary depending on your organizational permissions. For instance, certain items may appear in your result set but not in your colleague's.

For example, there might be a permission in the Exact Online Bouw application that allows you to view all projects or only projects you are associated with. In the latter case, only associated projects are returned.

If your user lacks permission for specific datasets, such as invoices, a request to the invoices endpoint will always return an empty data set.