Starting January 2026, all Schiphol APIs will require OAuth 2.0 authentication. This upgrade enhances security and provides a more standardized authentication flow for all developers using our platform.
Why are we making this change?
OAuth 2.0 is the industry standard for API authentication. By adopting this protocol, we're ensuring that your applications benefit from:
- Enhanced Security – Token-based authentication with automatic expiration
- Granular Permissions – Request only the scopes your application needs
- Industry Standard – Compatible with existing OAuth libraries and tools
- Better Developer Experience – Simplified token refresh mechanisms
Migration Timeline
We recommend starting your migration as soon as possible. Here's the timeline:
- December 2025 – OAuth 2.0 endpoints available in sandbox
- January 15, 2026 – Production OAuth 2.0 endpoints go live
- March 31, 2026 – Legacy API key authentication deprecated
- June 30, 2026 – Legacy authentication fully disabled
Applications using legacy API key authentication will stop working after June 30, 2026. Please migrate before this date to avoid service disruption.
How to migrate
Step 1: Register your application
Visit your Application Dashboard and create a new OAuth 2.0 application. You'll receive a client ID and client secret.
Step 2: Update your authentication flow
Replace your API key header with the OAuth 2.0 Bearer token:
// Before (API Key)
headers: {
'X-API-Key': 'your-api-key'
}
// After (OAuth 2.0)
headers: {
'Authorization': 'Bearer your-access-token'
}Step 3: Implement token refresh
Access tokens expire after 1 hour. Implement a token refresh mechanism to ensure uninterrupted access to our APIs.
Need help?
Our team is here to support you through the migration process. Check out our API documentation for detailed OAuth 2.0 implementation guides, or contact our support team if you have questions.