Skip to content
Last updated

You must generate an access token for each environment before you can use the Solaris API. To do this, you must provide your client_id and client_secret to the OAuth2 endpoint described below. The API will return the token in the access_token property of the response. The response will have a Content-Type of application/json.

Once you have your token, you must include it in every API request in the header. Use the following format:

Authorization: Bearer {your_access_token}

Access tokens expire after one hour. If you submit an invalid or expired token in an API request, or forget to include the token in the header, then the API will respond with a 401 Unauthorized error. In this case, your solution must call the OAuth2 endpoint to generate a new one.

Warning

For security purposes, it is strictly prohibited to use the access token in the request URL of an API call.

OAuth2

For the OAuth2 flow, you must pass your credentials as a colon-separated, Base64-encoded string: client_id:client_secret. Supply the Base64-encoded string in the Authorization header using the following format: Authorization: Basic {base64-encoded-string}.

Your request must have a Content-Type of application/x-www-form-urlencoded and include the following URL-encoded data:

  • grant_type=client_credentials
  • scope=partners

Request URL:

Sandbox
POST https://auth.solaris-sandbox.de/oauth2/token
Production
POST https://auth.solarisbank.de/oauth2/token

Example request:

Sandbox
POST https://auth.solaris-sandbox.de/oauth2/token
Authorization: Basic YXV0aC1jcmVkOjZyczZuZDYzbjg0dGMwZzBrcTV6aDUyYjV3emJwM2phcDRwc2t4d2pka2RmZ3c5YW9uM3g4Y3gyNGNqYzJtOXp6N3N6Z23=
Content-Type: application/x-www-form-urlencoded
Host: auth.solaris-sandbox.de
data-urlencode 'grant_type=client_credentials' 
data-urlencode 'scope=partners'
Production
POST https://auth.solarisbank.de/oauth2/token
Authorization: Basic YXV0aC1jcmVkOjZyczZuZDYzbjg0dGMwZzBrcTV6aDUyYjV3emJwM2phcDRwc2t4d2pka2RmZ3c5YW9uM3g4Y3gyNGNqYzJtOXp6N3N6Z23=
Content-Type: application/x-www-form-urlencoded
Host: auth.solarisbank.de
data-urlencode 'grant_type=client_credentials' 
data-urlencode 'scope=partners'

Example response:

{
    "access_token": "7TosiPbZUa22LTfL3JcyTZvG2C5v_84RQt2IRI7E0gs.JxfRXEBF8nEhX0FGnGdgh7QJxGdDsHOA77-DXq6wA5s", 
    "expires_in": 3599, 
    "scope": "partners", 
    "token_type": "bearer" 
}

OAuth (legacy)

Note

This authentication method will be deprecated. If you are integrating with Solaris for the first time, please use OAuth2 instead.

You can generate a token using Solaris' /oauth method in one of two ways:

Basic auth

Pass the credentials as a colon-separated, Base64-encoded string (client_id:client_secret). Note that you must still specify the grant_type in the HTTP POST body or as a request parameter.

Request URL:

POST /oauth/token?grant_type=client_credentials HTTP/1.1

Example request:

Sandbox
POST /oauth/token?grant_type=client_credentials HTTP/1.1
Host: api.solaris-sandbox.de
Authorization: Basic OGVkOGoybWU1MjEyOXQ2Y2lwY3pjNW92NnRsd21yZGxpbjZ4OWRxamI2YTB5M3dvb2Y5aWlobzV5YnA2bGtzM29qcTJ3djoyaHl2ZjBpbGh6YnB5Y2w5NTU0b3R1d2NqczZxbm8xeHMxN3ZtbXNhdHlldXIxaWd1ODNsaXFjdnZpc3lhb2RydHRiZnM4
Production
POST /oauth/token?grant_type=client_credentials HTTP/1.1
Host: api.solarisbank.de
Authorization: Basic OGVkOGoybWU1MjEyOXQ2Y2lwY3pjNW92NnRsd21yZGxpbjZ4OWRxamI2YTB5M3dvb2Y5aWlobzV5YnA2bGtzM29qcTJ3djoyaHl2ZjBpbGh6YnB5Y2w5NTU0b3R1d2NqczZxbm8xeHMxN3ZtbXNhdHlldXIxaWd1ODNsaXFjdnZpc3lhb2RydHRiZnM4

Example response:

{
    "token_type": "Bearer",
    "access_token": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
    "expires_in": 3599
}

JSON auth

Submit authentication credentials to the API in a JSON request body. Set the Content-Type header to application/json.

Request URL:

POST /oauth/token

Example request:

{
    "grant_type": "client_credentials",
    "client_id": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
    "client_secret": "xxxxXXXXXXxxxxxxXXXXXXxxxxx"
}

Example response:

{
    "token_type": "Bearer",
    "access_token": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
    "expires_in": 3599
}