Skip to main content
Developer documents
  1. Home
  2. Authentication


The Register land and property and ScotLIS Land Register APIs use OAuth 2.0 client credentials authentication.

Once set up with API access, organisations can manage their own API clients. See managing clients for more information.

WarningIt is the responsibility of organisations that sign up to use RoS APIs to ensure that API credentials are stored and communicated securely and only shared with trusted developers. You must notify RoS immediately if you suspect credentials have been compromised.

Obtaining a token

Obtain an API token by making a POST request, with no body, to the appropriate environment's token endpoint listed below. The request must be authenticated with basic authentication using the client ID and secret.

The equivalent curl command is:

curl -X POST -u "[id]:[secret]"

Token endpoints


Using an API token

Pass the token in a bearer authentication header.

curl -H "Authentication: Bearer [token]"

Authentication tips

  • Tokens are valid for five minutes. We recommend re-using them until they expire to improve the performance of your integration.
  • Unexpected authentication errors can be reduced by fetching a new token and retrying your API request if the first attempt returns a 401 response.