The Customers API can be used to access the customers of Entur and Entur's partner organisations. The features included in the API are: Customer profiles, Customer authentication, Temporary profiles, Consents and Loyalty programs connected to customers. These concepts are explained in the guides.

The Customers API handles GDPR-sensitive data. Read more about how it is handled in the guides.

The API uses REST principles and all requests have to use SSL. All request and response bodies are encoded in JSON.


The API has three environments: dev, staging and production. Dev and staging consist of dummy data, which can be used for testing.


All endpoints in the Customers API require an authentication header. The authentication header must be an Entur-issued OAuth2 bearer token (more details here). If you have access to a client ID and secret, you can use the curl example to retrieve a token:

curl --request POST \
  --url '' \
  --header 'content-type: application/json' \
  --data '{"grant_type":"client_credentials","client_id": "<clientid>","client_secret": "<clientsecret>","audience": ""}'

Get started

When you have an authentication token, you are ready to get started.

Let’s find the customer profile for an email address in staging:

curl -X GET "<email>" -H "accept: application/json;charset=UTF-8" -H "Authorization: Bearer <token>"

If you are able to find the customer you are looking for, you are ready to go.

Rate limiting

The Customers API uses spike arrests and quotas to enforce rate limiting. Spikes are identified by client IP. Quotas are identified by authorization token. Quotas are limited per minute, and the countdown starts from the first request sent. Exceeding the limits results in 429 TOO_MANY_REQUESTS. Clients need to limit the number of requests they allow through with the same authorization token to make sure that Denial-of-Service does not happen.
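
One way for a client to stay inside the per-token quota described above is a fixed-window gate whose countdown starts at the first request. This is an added example, not Entur's code: the class name `TokenQuotaGate`, its methods and the `limit_per_minute` value are assumptions, and it covers the quota only, not the per-IP spike arrest.

```python
import hashlib
import time
from typing import Callable, Dict, List


class TokenQuotaGate:
    """Client-side gate for a per-minute quota counted per authorization token.

    The window opens at the first request and lasts window_s seconds, matching
    the quota description above. limit_per_minute is an assumption: use the
    quota that applies to your client.
    """

    def __init__(self, limit_per_minute: int, window_s: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.limit = limit_per_minute
        self.window_s = window_s
        self.clock = clock
        self._state: Dict[str, List[float]] = {}  # key -> [window_start, used]

    @staticmethod
    def _key(token: str) -> str:
        # Key on a digest so the bearer token is not kept in limiter state.
        return hashlib.sha256(token.encode()).hexdigest()

    def _window(self, token: str) -> List[float]:
        now = self.clock()
        win = self._state.get(self._key(token))
        if win is None or now - win[0] >= self.window_s:
            win = [now, 0]  # first request (or expired window) starts a new countdown
            self._state[self._key(token)] = win
        return win

    def acquire(self, token: str) -> float:
        """Return 0.0 and count the request if it fits the quota,
        otherwise return the seconds left until the window resets."""
        win = self._window(token)
        if win[1] < self.limit:
            win[1] += 1
            return 0.0
        return win[0] + self.window_s - self.clock()

    def on_429(self, token: str) -> float:
        """Server answered 429: treat the window as spent and return the back-off."""
        win = self._window(token)
        win[1] = self.limit
        return win[0] + self.window_s - self.clock()
```

Call `acquire(token)` before each request and sleep for the returned number of seconds when it is non-zero; call `on_429(token)` when the API answers 429 TOO_MANY_REQUESTS so the local count catches up with the server's.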