# Authentication

You must generate an access token for **each environment** before you can use the Solaris API. To do this, you must provide your `client_id` and `client_secret` to the [OAuth2 endpoint described below](#oauth2).

The API will return the token in the `access_token` property of the response. The response will have a `Content-Type` of `application/json`.

Once you have your token, you must include it in every API request in the **header.** Use the following format:

`Authorization: Bearer {your_access_token}`

Access tokens expire after **one hour.** If you submit an invalid or expired token in an API request, or forget to include the token in the header, then the API will respond with a `401 Unauthorized` error. In this case, your solution must call the OAuth2 endpoint to generate a new one.

**Warning:** For security purposes, it is **strictly prohibited** to use the access token in the request URL of an API call.

### OAuth2

For the OAuth2 flow, you must pass your credentials as a colon-separated, Base64-encoded string: `client_id:client_secret`. Supply the Base64-encoded string in the `Authorization` header using the following format: `Authorization: Basic {base64-encoded-string}`.

Your request must have a `Content-Type` of `application/x-www-form-urlencoded` and include the following URL-encoded data:

- `grant_type=client_credentials`
- `scope=partners`

**Request URL:**

```shell Sandbox
POST https://auth.solaris-sandbox.de/oauth2/token
```

```shell Production
POST https://auth.solarisbank.de/oauth2/token
```

**Example request:**

```shell Sandbox
POST https://auth.solaris-sandbox.de/oauth2/token
Authorization: Basic YXV0aC1jcmVkOjZyczZuZDYzbjg0dGMwZzBrcTV6aDUyYjV3emJwM2phcDRwc2t4d2pka2RmZ3c5YW9uM3g4Y3gyNGNqYzJtOXp6N3N6Z23=
Content-Type: application/x-www-form-urlencoded
Host: auth.solaris-sandbox.de
data-urlencode 'grant_type=client_credentials'
data-urlencode 'scope=partners'
```

```shell Production
POST https://auth.solarisbank.de/oauth2/token
Authorization: Basic YXV0aC1jcmVkOjZyczZuZDYzbjg0dGMwZzBrcTV6aDUyYjV3emJwM2phcDRwc2t4d2pka2RmZ3c5YW9uM3g4Y3gyNGNqYzJtOXp6N3N6Z23=
Content-Type: application/x-www-form-urlencoded
Host: auth.solarisbank.de
data-urlencode 'grant_type=client_credentials'
data-urlencode 'scope=partners'
```

**Example response:**

```json
{
  "access_token": "7TosiPbZUa22LTfL3JcyTZvG2C5v_84RQt2IRI7E0gs.JxfRXEBF8nEhX0FGnGdgh7QJxGdDsHOA77-DXq6wA5s",
  "expires_in": 3599,
  "scope": "partners",
  "token_type": "bearer"
}
```

### OAuth (legacy)

**Note:** This authentication method will be deprecated. If you are integrating with Solaris for the first time, please use OAuth2 instead.

You can generate a token using Solaris' `/oauth` method in one of two ways:

#### Basic auth

Pass the credentials as a colon-separated, Base64-encoded string (`client_id:client_secret`). Note that you must still specify the `grant_type` in the HTTP POST body or as a request parameter.

**Request URL:**

```
POST /oauth/token?grant_type=client_credentials HTTP/1.1
```

**Example request:**

```shell Sandbox
POST /oauth/token?grant_type=client_credentials HTTP/1.1
Host: api.solaris-sandbox.de
Authorization: Basic OGVkOGoybWU1MjEyOXQ2Y2lwY3pjNW92NnRsd21yZGxpbjZ4OWRxamI2YTB5M3dvb2Y5aWlobzV5YnA2bGtzM29qcTJ3djoyaHl2ZjBpbGh6YnB5Y2w5NTU0b3R1d2NqczZxbm8xeHMxN3ZtbXNhdHlldXIxaWd1ODNsaXFjdnZpc3lhb2RydHRiZnM4
```

```shell Production
POST /oauth/token?grant_type=client_credentials HTTP/1.1
Host: api.solarisbank.de
Authorization: Basic OGVkOGoybWU1MjEyOXQ2Y2lwY3pjNW92NnRsd21yZGxpbjZ4OWRxamI2YTB5M3dvb2Y5aWlobzV5YnA2bGtzM29qcTJ3djoyaHl2ZjBpbGh6YnB5Y2w5NTU0b3R1d2NqczZxbm8xeHMxN3ZtbXNhdHlldXIxaWd1ODNsaXFjdnZpc3lhb2RydHRiZnM4
```

**Example response:**

```json
{
  "token_type": "Bearer",
  "access_token": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
  "expires_in": 3599
}
```

#### JSON auth

Submit authentication credentials to the API in a JSON request body. Set the `Content-Type` header to `application/json`.

**Request URL:**

```shell
POST /oauth/token
```

**Example request:**

```json
{
  "grant_type": "client_credentials",
  "client_id": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
  "client_secret": "xxxxXXXXXXxxxxxxXXXXXXxxxxx"
}
```

**Example response:**

```json
{
  "token_type": "Bearer",
  "access_token": "xxxxXXXXXXxxxxxxXXXXXXxxxxx",
  "expires_in": 3599
}
```