IVAO Public APIs don't require any authentication nor access request.
This section of the IVAO DevOPS Documentation wiki describes important information on how to retrieve data from IVAO servers as a client-side application.
This section of the IVAO DevOPS Documentation wiki describes important information on how to retrieve data from IVAO servers as a client-side application.
This section of the IVAO Web Development Documentation wiki describes how you can send your data to the FPL system externally. For more information, visit the next link.
IVAO Private APIs require users to be authenticated in order to query them. Click Here to get request your own access
IVAO Private API Documentations could be found under this link.
IVAO OAuth Scopes description can be found here.
Notice: IVAO API access is now open to everyone! Do not hesitate to request your own access here!
Warning: IVAO API Keys are not issued anymore, please use OAuth tokens.
The IVAO Weather API is exclusive to IVAO Official Virtual Airlines and selected Third Party partners.
If you want access to the Weather API, you should follow the process described on the section Private APIs.
For Virtual Airlines, the request must contain the following information:
For Third Parties, the request must contain the following information:
You can find some code examples on how to use OAuth to access the APIs on this repository. Feel free to make a pull request and add new examples for other users
In addition to the standard HTTP error code, we have augmented some of our error response to detail what is happening, especially around authentication errors.
A response body is usually formatted the following way:
{
"message": "JWT verification error: jwt expired",
"error": "tokenexpired",
"statusCode": 401,
"error_uri": "https://wiki.ivao.aero/en/home/devops/api/documentation-v2#error-messages"
}
If you want to handle specific situations based on error messages, we recommend hard-coding either the HTTP Status Code or error field from the response payload. Here are the value you'll most often encounter:
not_authenticated
: No OAuth2 token nor API was found in the request but is required for this endpointnot_authenticated_with_oauth2
: No OAuth2 token was found in the request but is required for this endpoint
not_authenticated_as_user
: No user-issued (authorization_code
grant) OAuth2 token was found in the request but is required for this endpoint
not_authenticated_as_application
: No app-issued (client_credentials
grant) OAuth2 token was found in the request but is required for this endpoint
hq_application_required
: This endpoint is restricted to HQ-managed apps
missing_permissions
: The user/app is missing at least one permission to access the endpointmissing_scopes
: The token is missing at least one scope to access the endpointinvalid_api_key
: The provided API Key isn't registered to any applicationinactive_application
: The provided token/key is linked to an inactive applicationinvalid_token
: Generic error occured while validating JWT tokenincorrect_token
: JWT token is malformed or isn't issued by IVAOexpired_token
: The provided JWT token is expirednot_before_token
: The provided token is not yet valid (should never happen with IVAO issuers)revoked_token
: The provided token was revokednot_found
: Classic 404 error, either the route doesn't exist or the requested resource (by id) doesn't existforbidden
: Classic 403 error, you don't have access to that endpoint/resourceunauthorized
: Classic 401 error, no authentication method (OAuth token or API Key) where found in the requestbad_request
: The payload doesn't match the expected format or contentPlease check that your code isn't checking against any of those messages, as they have been replaced with the payload above:
This auth token has been revoked or expired
Couldn't extract token from request
No auth token found in request
Couldn't decode auth token
Couldn't verify if that token exist
Can't find the token issuer
Can't find the host from the request
This host is not allowed for this token issuer
Auth token issued by a non-approved source
Failed to find the application details
Failed to find the consumer
Failed to authenticate the consumer
The reponse you get from the API is really close to how our database is structured behind the scenes. This is why some values are IDs referencing other rows, but not always included in the body. Here is a list of most common references you might encounter while using our API.
If you encounter that isn't listed down below, please get in touch with us.