# Authentication

Solaris uses the OAuth2 framework for authentication. To access the API, you must exchange your credentials for a short-lived **Bearer Access Token**.

## 1. Obtain an access token

To generate a token, send a `POST` request to the authentication URL for your environment.

### Prerequisites

* **Credentials:** You need your `client_id` and `client_secret`.
* **Encoding:** Combine your credentials into a string (`client_id:client_secret`) and encode it using **Base64**.
* **Header:** Pass the encoded string in the `Authorization` header: `Basic {base64_string}`.

### Token endpoints

| Environment | Auth URL |
|  --- | --- |
| **Sandbox** | `https://auth.solaris-sandbox.de/oauth2/token` |
| **Production** | `https://auth.solarisbank.de/oauth2/token` |

### Request access token

**Parameters:**

* `grant_type`: `client_credentials`
* `scope`: `partners` (required for standard API access)

```shell Sandbox (cURL)
curl -X POST "https://auth.solaris-sandbox.de/oauth2/token" \
  -H "Authorization: Basic {base64_encoded_credentials}" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "scope=partners"
```

```shell Production (cURL)
curl -X POST "https://auth.solarisbank.de/oauth2/token" \
  -H "Authorization: Basic {base64_encoded_credentials}" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "scope=partners"
```

**Example response:**

```json
{
    "access_token": "7TosiPbZUa22LTfL3JcyTZvG2C5v...",
    "expires_in": 3599,
    "scope": "partners",
    "token_type": "bearer"
}
```

## 2. Use the access token

Include the `access_token` from the previous step in the header of every API request.

**Header format:**
`Authorization: Bearer {your_access_token}`

**Security warning:** Never pass the access token in URL query parameters; query strings are routinely recorded in server, proxy and browser logs. The token must always be sent in the HTTP `Authorization` header.

### Token expiration

Access tokens are valid for **1 hour** (3600 seconds).

* If you make a request with an expired token, the API returns `401 Unauthorized`.
* Your application must handle this error by requesting a new token using the OAuth2 endpoint above.
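The two steps above (exchange Base64-encoded credentials for a token, then present it as a Bearer header and renew it on expiry or `401`) as a small Python client. This is an added example, not Solaris' own SDK or code from this page: the `transport` and `clock` parameters are a hypothetical injection point so the logic can be exercised without network access, the 60-second refresh margin and the `SOLARIS_CLIENT_ID` / `SOLARIS_CLIENT_SECRET` environment variable names are constructed, and the API path used in the demo is a placeholder.

```python
import base64
import json
import os
import time
import urllib.error
import urllib.parse
import urllib.request

# Sandbox token endpoint from the documentation above.
SANDBOX_TOKEN_URL = "https://auth.solaris-sandbox.de/oauth2/token"
# Renew this many seconds before the reported expiry so a token never dies
# mid-request. Constructed margin, not a Solaris-specified value.
REFRESH_MARGIN_SECONDS = 60


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Return the 'Basic {base64(client_id:client_secret)}' header value."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id: str, client_secret: str,
                        token_url: str = SANDBOX_TOKEN_URL) -> urllib.request.Request:
    """Assemble the client_credentials POST exactly as the cURL examples do."""
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": "partners"}).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Authorization": basic_auth_header(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"})


def _urllib_transport(req: urllib.request.Request) -> bytes:
    """Default transport: send the request and return the body; 4xx/5xx raise HTTPError."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()


class TokenClient:
    """Holds one cached access token and renews it on expiry or on a 401 response.

    `transport` (hypothetical injection point) is any callable taking a Request and
    returning the response body; `clock` lets tests control the passage of time.
    """

    def __init__(self, client_id, client_secret, token_url=SANDBOX_TOKEN_URL,
                 transport=_urllib_transport, clock=time.monotonic):
        self._client_id = client_id
        self._client_secret = client_secret
        self._token_url = token_url
        self._transport = transport
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def _fetch_token(self) -> None:
        req = build_token_request(self._client_id, self._client_secret, self._token_url)
        payload = json.loads(self._transport(req))
        if payload.get("token_type", "").lower() != "bearer":
            raise ValueError(f"unexpected token_type: {payload.get('token_type')!r}")
        self._token = payload["access_token"]
        # expires_in is reported in seconds (3599 in the example response above).
        self._expires_at = (self._clock() + int(payload["expires_in"])
                            - REFRESH_MARGIN_SECONDS)

    def access_token(self) -> str:
        """Return the cached token, fetching a fresh one if none is held or it is near expiry."""
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch_token()
        return self._token

    def _authorized_request(self, url: str, method: str) -> urllib.request.Request:
        # The token goes in the Authorization header only, never in the query string.
        return urllib.request.Request(
            url, method=method,
            headers={"Authorization": "Bearer " + self.access_token(),
                     "Accept": "application/json"})

    def call(self, url: str, method: str = "GET") -> bytes:
        """Send an authorised API request; on 401 discard the token and retry once."""
        try:
            return self._transport(self._authorized_request(url, method))
        except urllib.error.HTTPError as err:
            if err.code != 401:
                raise
        # 401: the token expired or was revoked server-side; renew once and retry.
        self._token = None
        return self._transport(self._authorized_request(url, method))


if __name__ == "__main__":
    # Constructed environment variable names; real credentials come from Solaris.
    client = TokenClient(os.environ["SOLARIS_CLIENT_ID"], os.environ["SOLARIS_CLIENT_SECRET"])
    print(client.call("https://api.solaris-sandbox.de/v1/PLACEHOLDER_PATH").decode())
```

Keeping the refresh decision inside `access_token()` means callers never see an expired token in the normal case, and the single retry in `call()` covers the case the page describes, where the server rejects a token that the client still believed valid.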


## Legacy OAuth

**Deprecated:** The `/oauth/token` endpoint is deprecated. New integrations must use the **OAuth2** endpoints described above.

For existing integrations using the legacy flow:

**Request URL:**

```text
POST /oauth/token?grant_type=client_credentials
```

**JSON auth example:**

```http
POST https://api.solaris-sandbox.de/oauth/token
Content-Type: application/json

{
    "grant_type": "client_credentials",
    "client_id": "your_client_id",
    "client_secret": "your_client_secret"
}
```