Authenticate with OAuth 2.0

Most API calls require authentication. The secuconnect API uses the OAuth 2.0 protocol for this purpose. The OAuth service checks your credentials and hands you an access token, which grants access to the API for a limited period of time. The client must pass this token with all subsequent API calls.

The endpoint for OAuth authorization is POST /oauth/token.

Request
POST /oauth/token HTTP/1.1
Host: connect-testing.secupay-ag.de
Content-Type: application/json
Accept: application/json
 
{
  "grant_type": "client_credentials",
  "client_id": "00563697073442633035025909838580",
  "client_secret": "3382456441636938321687549172178382320163695870914358804052148567"
}

If everything is fine, it responds with 200 OK and the token details:

Response
HTTP/1.1 200 OK
Content-Type: application/json
 
{
  "access_token": "qb56tjj1bcvo9n2nj4u38k84lo",
  "expires_in": 1200,
  "token_type": "bearer",
  "scope": "https://scope.secucard.com/e/api"
}

You need to pass the received token with your subsequent calls, using the Authorization: Bearer HTTP header. The above token is qb56tjj1bcvo9n2nj4u38k84lo, and it is valid for the next 1,200 seconds.

Example Request
GET /api/v2/General/Merchants/me HTTP/1.1
Host: connect-testing.secupay-ag.de
Authorization: Bearer qb56tjj1bcvo9n2nj4u38k84lo
Content-Type: application/json
Accept: application/json

Usually, one doesn't need to use HTTP directly. We provide SDKs for different programming languages free of charge.