# Accessing Signicat REST services
# Introduction
To consume Signicat REST services, a caller must first acquire an access token, which is then used to authenticate subsequent requests. The access token is retrieved using the OpenID Connect (OIDC) protocol. For more general information about OpenID Connect, refer to our OpenID Connect documentation.
Signicat offers the `client_secret_basic` method for client authentication, as described in the OpenID Connect Core 1.0 specification.
# Using the service
Bear in mind that the examples shown in this section are only applicable for the `client_secret_basic` method.
# Required information
In order to call the OIDC endpoint, you will need:
- Client ID
- Client secret
- Scope
If you are not already a Signicat customer, you can use our demo credentials.
# API
Environment | Base URL (Nordics)* | Base URL (Europe)* |
---|---|---|
Beta | https://beta.signicat.com/ | |
Pre-production | https://preprod.signicat.com/ | https://eu01.preprod.signicat.com/ |
Production | https://id.signicat.com/ | https://eu01.signicat.com/ |
* If you are unsure which environment to choose, contact your Signicat onboarding manager.
Path | Verb | Content Type | Header | Input | Output |
---|---|---|---|---|---|
/oidc/token | POST | application/x-www-form-urlencoded | Authorisation header | TokenRequest | TokenResponse |
# Authorisation header
# When acquiring the access token
The authentication header is your Client ID and Client secret, joined with a colon in between and then base64-encoded. So, if your client ID is `foo` and your client secret is `bar`, then the header value is:
foo:bar -> Zm9vOmJhcg==
In your HTTP request to the `/oidc/token` endpoint, the following header is then added:
Authorization: Basic Zm9vOmJhcg==
# When using the access token
Once you have received the access token, you need to add an authorisation header to every request you make to the service resources you are using. The access token header is:
Authorization: Bearer <YOUR ACCESS TOKEN HERE>
# Code examples
# Example using CURL
```bash
curl -X POST "https://<ENVIRONMENT>.signicat.com/oidc/token" \
  -H "Authorization: Basic <CLIENT ID AND SECRET BASE64-ENCODED>" \
  -d "grant_type=client_credentials&scope=<SCOPE>"
```
# Example request using Java
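```java
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.http.Header;
import org.apache.http.NameValuePair;
import org.apache.http.ParseException;
import org.apache.http.auth.AuthenticationException;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Maps the JSON body returned by /oidc/token.
class TokenResponse {
    @JsonProperty("access_token")
    String accessToken;
    @JsonProperty("token_type")
    String tokenType;
    @JsonProperty("scope")
    String scope;
    @JsonProperty("expires_in")
    int expiresIn;
}

// OIDC_URL, CLIENT_ID and CLIENT_SECRET are constants defined in the enclosing class.
private static String getToken(CloseableHttpClient httpClient, String scope) {
    ObjectMapper mapper = new ObjectMapper();
    try {
        HttpPost auth = new HttpPost(OIDC_URL);
        // Build the "Authorization: Basic ..." header from the client ID and secret.
        Header authenticationHeader = new BasicScheme().authenticate(
                new UsernamePasswordCredentials(CLIENT_ID, CLIENT_SECRET),
                auth, null);
        auth.addHeader(authenticationHeader);
        // Form-encoded body carrying grant_type and scope.
        List<NameValuePair> nvps = new ArrayList<>();
        nvps.add(new BasicNameValuePair("grant_type", "client_credentials"));
        nvps.add(new BasicNameValuePair("scope", scope));
        auth.setEntity(new UrlEncodedFormEntity(nvps, StandardCharsets.UTF_8));
        TokenResponse tokenResponse = null;
        try (CloseableHttpResponse response = httpClient.execute(auth)) {
            tokenResponse = mapper.readValue(
                    EntityUtils.toString(
                            response.getEntity(),
                            StandardCharsets.UTF_8),
                    TokenResponse.class
            );
            // TokenResponse declares no getters, so read the field directly.
            return tokenResponse.accessToken;
        } catch (ParseException | IOException e) {
            e.printStackTrace();
        }
    } catch (AuthenticationException e) {
        e.printStackTrace();
    }
    // null means no token could be obtained.
    return null;
}
```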
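The same flow in Python, as an added example that is not part of Signicat's own documentation: it builds the `client_secret_basic` request only for the base URLs listed in the environment table, so the client secret is never sent to any other host, and it checks the TokenResponse before producing the Bearer header. The function names and the sample response are constructed for illustration; the JSON field names are those of the Java `TokenResponse` class above.

```python
import base64
import json
import urllib.parse
import urllib.request

# Base URLs copied from the environment table on this page.
ALLOWED_BASE_URLS = {
    "https://beta.signicat.com/",
    "https://preprod.signicat.com/",
    "https://eu01.preprod.signicat.com/",
    "https://id.signicat.com/",
    "https://eu01.signicat.com/",
}
# Constructed sample TokenResponse body (not real service output).
SAMPLE_RESPONSE = '{"access_token": "constructed-token", "token_type": "Bearer", "scope": "example-scope"}'


def build_token_request(base_url, client_id, client_secret, scope):
    """Build (without sending) the POST to /oidc/token for client_secret_basic."""
    if base_url not in ALLOWED_BASE_URLS:
        # Refuse plain http or unknown hosts before the secret leaves the process.
        raise ValueError("not a listed Signicat base URL: " + base_url)
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    basic = base64.b64encode(pair).decode("ascii")
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return urllib.request.Request(
        base_url + "oidc/token",
        data=body.encode("ascii"),  # urllib sends this as application/x-www-form-urlencoded
        method="POST",
        headers={"Authorization": "Basic " + basic},
    )


def bearer_header(token_response_json):
    """Validate a TokenResponse body and return the header for later API calls."""
    resp = json.loads(token_response_json)
    token = resp.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("response carries no access_token")
    if str(resp.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {"Authorization": "Bearer " + token}


def fetch_bearer_header(base_url, client_id, client_secret, scope):
    """Send the request; needs network access and real credentials."""
    req = build_token_request(base_url, client_id, client_secret, scope)
    with urllib.request.urlopen(req, timeout=10) as r:
        return bearer_header(r.read().decode("utf-8"))
```

`build_token_request` and `bearer_header` run offline, so they can be unit-tested without credentials; only `fetch_bearer_header` touches the network.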
# Messages
# TokenRequest
Name | Type | Description |
---|---|---|
Scope | String | The requested scope. |
GrantType | String | The string "client_credentials" |
# TokenResponse
Name | Type | Description |
---|---|---|
AccessToken | String | The access token. |
TokenType | String | The string `Bearer`. |
Scope | String | The requested scope. |
ExpiresIn | Long | Milliseconds until the access token expires unless refreshed. |