Solaris uses the OAuth2 framework for authentication. To access the API, you must exchange your credentials for a short-lived Bearer Access Token.
To generate a token, send a POST request to the authentication URL for your environment.
- Credentials: You need your `client_id` and `client_secret`.
- Encoding: Combine your credentials into a string (`client_id:client_secret`) and encode it using Base64.
- Header: Pass the encoded string in the `Authorization` header: `Basic {base64_string}`.
| Environment | Auth URL |
|---|---|
| Sandbox | https://auth.solaris-sandbox.de/oauth2/token |
| Production | https://auth.solarisbank.de/oauth2/token |
Parameters:
- `grant_type`: `client_credentials`
- `scope`: `partners` (Required for standard API access)
Sandbox (cURL)
```bash
curl -X POST "https://auth.solaris-sandbox.de/oauth2/token" \
  -H "Authorization: Basic {base64_encoded_credentials}" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "scope=partners"
```
Production (cURL)
```bash
curl -X POST "https://auth.solarisbank.de/oauth2/token" \
  -H "Authorization: Basic {base64_encoded_credentials}" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "scope=partners"
```
Example response:
```json
{
  "access_token": "7TosiPbZUa22LTfL3JcyTZvG2C5v...",
  "expires_in": 3599,
  "scope": "partners",
  "token_type": "bearer"
}
```
Include the `access_token` from the previous step in the header of every API request.
Header format: `Authorization: Bearer {your_access_token}`
Security Warning
Never pass the access token in the URL query parameters. It must always be sent in the HTTP Header.
Access tokens are valid for 1 hour (3600 seconds).
- If you make a request with an expired token, the API returns `401 Unauthorized`.
- Your application must handle this error by requesting a new token using the OAuth2 endpoint above.
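One way to implement the token lifecycle described above, as an added example (not Solaris's own code): it requests a token with HTTP Basic credentials, caches it until shortly before `expires_in` elapses, and retries once with a fresh token after a `401`, always sending the token in the header. `TokenCache`, `call_with_retry`, the 60-second `skew` margin and the injectable `post`/`send` callables are assumptions made for this example.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

SANDBOX_AUTH_URL = "https://auth.solaris-sandbox.de/oauth2/token"  # from the table above


def basic_header(client_id, client_secret):
    """Base64-encode client_id:client_secret for the Authorization header."""
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def http_post(url, headers, body):
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


class TokenCache:
    """Hypothetical helper: keeps one token in memory and renews it before expiry."""
    def __init__(self, client_id, client_secret, auth_url=SANDBOX_AUTH_URL,
                 post=http_post, clock=time.monotonic, skew=60):
        self._basic = basic_header(client_id, client_secret)
        self._auth_url, self._post, self._clock, self._skew = auth_url, post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self, force=False):
        if force or self._token is None or self._clock() >= self._expires_at:
            form = {"grant_type": "client_credentials", "scope": "partners"}
            headers = {"Authorization": self._basic,
                       "Content-Type": "application/x-www-form-urlencoded"}
            data = self._post(self._auth_url, headers, urllib.parse.urlencode(form).encode())
            # Renew `skew` seconds early so a token does not expire mid-request.
            self._expires_at = self._clock() + max(0, int(data["expires_in"]) - self._skew)
            self._token = data["access_token"]
        return self._token


def call_with_retry(cache, send):
    """send(headers) -> (status, body). On 401, fetch a fresh token and retry once."""
    status, body = send({"Authorization": f"Bearer {cache.token()}"})
    if status == 401:
        fresh = cache.token(force=True)
        status, body = send({"Authorization": f"Bearer {fresh}"})
    return status, body
```

The single retry is deliberate: a second `401` after a fresh token points at revoked or wrong credentials, and looping on it would only hammer the token endpoint.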
Deprecated
The /oauth/token endpoint is deprecated. New integrations must use the OAuth2 endpoints described above.
For existing integrations using the legacy flow:
Request URL:
```
POST /oauth/token?grant_type=client_credentials
```
JSON Auth Example:
```http
POST https://api.solaris-sandbox.de/oauth/token
Content-Type: application/json

{
  "grant_type": "client_credentials",
  "client_id": "your_client_id",
  "client_secret": "your_client_secret"
}
```