# Accessing Signicat REST services

# Overview

In order to consume Signicat REST services, a caller must first acquire an access token in order to be able to authenticate consecutive requests. The access token is retrieved using the OpenID Connect (OIDC) protocol. For more, general information about OpenID Connect, refer to our OpenID Connect documentation.

Signicat offers the client_secret_basic method for client authentication, as described in the OpenID Connect Core 1.0 specification. (opens new window)

# Using the service

Bear in mind that the examples shown in this section are only applicable for the client_secret_basic method.

# Required information

In order to call the OIDC endpoint, you will need:

  • Client ID
  • Client secret
  • Scope


Environment Base URL (Nordics)* Base URL (Europe)*
Beta https://beta.signicat.com/
Preproduction https://preprod.signicat.com/ https://eu01.preprod.signicat.com/
Production https://preprod.signicat.com/ https://eu01.signicat.com/

* If you are unsure which environment to choose, contact your Signicat onboarding manager.

Path Verb Content Type Header Input Output
/oidc/token POST application/x-www-form-urlencoded Authorization header TokenRequest TokenResponse

# Authorization Header


The authentication header is your Client ID and Client secret, joined with a colon in between and then base64-encoded. So, if your client id is foo and your client secret is bar, then the header value is:

foo:bar -> Zm9vOmJhcg==

In your HTTP request to the /oidc/token endpoint, the following header is then added:

Authorization: Basic Zm9vOmJhcg==

When you’ve received the access token, you will need to apply an authorization header when doing requests to the service resources that you are using. The access token header is:

Authorization: Bearer <YOUR ACCESS TOKEN HERE>

# Code examples

# Example using CURL

curl -X POST "https://<ENVIRONMENT>.signicat.com/oidc/token" \
    -H "Authorization: Basic <CLIENT ID AND SECRET BASE64-ENCODED>" \
    -d "grant_type=client_credentials&scope=<SCOPE>"

# Example request using Java

class TokenResponse {
    String accessToken;
    String tokenType;
    String scope;
    int expiresIn;
private static String getToken(CloseableHttpClient httpClient, String scope) {
    ObjectMapper mapper = new ObjectMapper();
    try {
        HttpPost auth = new HttpPost(OIDC_URL);
        Header authenticationHeader = new BasicScheme().authenticate(
            new UsernamePasswordCredentials(CLIENT_ID, CLIENT_SECRET),
            auth, null);
        List < NameValuePair > nvps = new ArrayList < NameValuePair > ()
        nvps.add(new BasicNameValuePair("grant_type", "client_credentials"));
        nvps.add(new BasicNameValuePair("scope", scope));
        auth.setEntity(new UrlEncodedFormEntity(nvps, StandardCharsets.UTF_8));
        TokenResponse tokenResponse = null;
        try (CloseableHttpResponse response = httpClient.execute(auth)) {
            tokenResponse = mapper.readValue(
            return tokenResponse.getAccessToken();
        } catch (ParseException | IOException e) {
    } catch (AuthenticationException e) {
    return null;

# Messages

# TokenRequest

Name Type Description
Scope String The requested scope.
GrantType String The string "client_credentials"

# TokenResponse

Name Type Description
AccessToken String The access token.
TokenType String The string Bearer.
Scope String The requested scope.
ExpiresIn Long Milliseconds until the access token expires unless refreshed.
Last updated: 3/1/2021, 12:00:45 AM