Authentication

You'll need to authenticate your requests to access any of the endpoints in the Stacc SBL API. In this guide, we'll look at how authentication works. We offer a single way to authenticate your API requests: OAuth2 - with client credentials

Getting the bearer token

Fetching the required bearer token for the API is done using a conventional OAuth2.0 client_credentials authentication flow. You can use basic authentication, where your clientId and clientSecret is base64encoded as the basic authentication.

Remember to request the sbl scope to be able to use the SBL API.

POST
Authenticating and using the bearer token
# First, get the access token
TOKEN=$(curl -s -X POST https://oidc.express.stacc.live/realms/express/protocol/openid-connect/token \
  -H 'Authorization: Basic c3Bh...aWkdt' \
  -d "grant_type=client_credentials&scope=sbl" \
  | grep -o '"access_token":"[^"]*' \
  | cut -d'"' -f4)

# Then use the token to create an SBL flow
curl -X POST https://api.sbl.express.stacc.live/api/flow-definitions/sbl \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "nationalId": "12345678903",
    "lastName": "Doe",
    "redirectUrl": "https://example.com/redirect",
    "webhookUrl": "https://example.com/webhook",
    "organizationId": "12345678903"
  }'

Always keep your credentials safe and let us know ASAP (support form) if you suspect it has been compromised.

Was this page helpful?