You must generate an access token for each environment before you can use the Solaris API. To do this, you must provide your client_id and client_secret to the OAuth2 endpoint described below. The API will return the token in the access_token property of the response. The response will have a Content-Type of application/json.
Once you have your token, you must include it in every API request in the header. Use the following format:
Authorization: Bearer {your_access_token}
Access tokens expire after one hour. If you submit an invalid or expired token in an API request, or forget to include the token in the header, then the API will respond with a 401 Unauthorized error. In this case, your solution must call the OAuth2 endpoint to generate a new one.
For security purposes, it is strictly prohibited to use the access token in the request URL of an API call.
For the OAuth2 flow, you must pass your credentials as a colon-separated, Base64-encoded string: client_id:client_secret. Supply the Base64-encoded string in the Authorization header using the following format: Authorization: Basic {base64-encoded-string}.
Your request must have a Content-Type of application/x-www-form-urlencoded and include the following URL-encoded data:
grant_type=client_credentialsscope=partners
Request URL:
POST https://auth.solaris-sandbox.de/oauth2/tokenPOST https://auth.solarisbank.de/oauth2/tokenExample request:
POST https://auth.solaris-sandbox.de/oauth2/token
Authorization: Basic YXV0aC1jcmVkOjZyczZuZDYzbjg0dGMwZzBrcTV6aDUyYjV3emJwM2phcDRwc2t4d2pka2RmZ3c5YW9uM3g4Y3gyNGNqYzJtOXp6N3N6Z23=
Content-Type: application/x-www-form-urlencoded
Host: auth.solaris-sandbox.de
data-urlencode 'grant_type=client_credentials'
data-urlencode 'scope=partners'POST https://auth.solarisbank.de/oauth2/token
Authorization: Basic YXV0aC1jcmVkOjZyczZuZDYzbjg0dGMwZzBrcTV6aDUyYjV3emJwM2phcDRwc2t4d2pka2RmZ3c5YW9uM3g4Y3gyNGNqYzJtOXp6N3N6Z23=
Content-Type: application/x-www-form-urlencoded
Host: auth.solarisbank.de
data-urlencode 'grant_type=client_credentials'
data-urlencode 'scope=partners'Example response:
{
"access_token": "7TosiPbZUa22LTfL3JcyTZvG2C5v_84RQt2IRI7E0gs.JxfRXEBF8nEhX0FGnGdgh7QJxGdDsHOA77-DXq6wA5s",
"expires_in": 3599,
"scope": "partners",
"token_type": "bearer"
}This authentication method will be deprecated. If you are integrating with Solaris for the first time, please use OAuth2 instead.
You can generate a token using Solaris' /oauth method in one of two ways:
Pass the credentials as a colon-separated, Base64-encoded string (client_id:client_secret). Note that you must still specify the grant_type in the HTTP POST body or as a request parameter.
Request URL:
POST /oauth/token?grant_type=client_credentials HTTP/1.1Example request:
POST /oauth/token?grant_type=client_credentials HTTP/1.1
Host: api.solaris-sandbox.de
Authorization: Basic OGVkOGoybWU1MjEyOXQ2Y2lwY3pjNW92NnRsd21yZGxpbjZ4OWRxamI2YTB5M3dvb2Y5aWlobzV5YnA2bGtzM29qcTJ3djoyaHl2ZjBpbGh6YnB5Y2w5NTU0b3R1d2NqczZxbm8xeHMxN3ZtbXNhdHlldXIxaWd1ODNsaXFjdnZpc3lhb2RydHRiZnM4POST /oauth/token?grant_type=client_credentials HTTP/1.1
Host: api.solarisbank.de
Authorization: Basic OGVkOGoybWU1MjEyOXQ2Y2lwY3pjNW92NnRsd21yZGxpbjZ4OWRxamI2YTB5M3dvb2Y5aWlobzV5YnA2bGtzM29qcTJ3djoyaHl2ZjBpbGh6YnB5Y2w5NTU0b3R1d2NqczZxbm8xeHMxN3ZtbXNhdHlldXIxaWd1ODNsaXFjdnZpc3lhb2RydHRiZnM4Example response:
{
"token_type": "Bearer",
"access_token": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
"expires_in": 3599
}Submit authentication credentials to the API in a JSON request body. Set the Content-Type header to application/json.
Request URL:
POST /oauth/tokenExample request:
{
"grant_type": "client_credentials",
"client_id": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
"client_secret": "xxxxXXXXXXxxxxxxXXXXXXxxxxx"
}Example response:
{
"token_type": "Bearer",
"access_token": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
"expires_in": 3599
}