Authentication

You'll need to authenticate your requests to access any of the endpoints in the Stacc SBL API. In this guide, we'll look at how authentication works. We offer a single way to authenticate your API requests: OAuth2 - with client credentials

Getting the bearer token

Fetching the required bearer token for the API is done using a conventional OAuth2.0 client_credentials authentication flow. You can use basic authentication, where your clientId and clientSecret is base64encoded as the basic authentication. Here is an example using cURL:

Example request to fetch a bearer token

curl -XPOST https://oidc.express.stacc.live/realms/express/protocol/openid-connect/token \
  -H 'Authorization: Basic c3Bh...aWkdt' \
  -d "grant_type=client_credentials"

Using the bearer token

When establishing a connection using OAuth2, you will need your client_id and client_secret — you will find it in the Protocol dashboard under API settings. Here's how to add the token to the request header using cURL:

Example request with bearer token

curl https://api.sbl.express.stacc.live/api/start \
  -H "Authorization: Bearer {token}"

Always keep your credentials safe and reset it if you suspect it has been compromised.

Was this page helpful?