Authentication
You'll need to authenticate your requests to access any of the endpoints in Stacc Mortgage API. We use Keycloak for authentication, implementing the OAuth2 client credentials flow.
Getting an access token
When establishing a connection using OAuth2, you will need your client_id and client_secret —
you can find your clients on the Credentials page.
To get an access token, send a POST request to the Keycloak token endpoint. The response will include your access token and its expiration details.
Required attributes
- Name
grant_type- Type
- string
- Description
Must be set to
client_credentials.
- Name
client_id- Type
- string
- Description
Your client ID from the Credentials page.
- Name
client_secret- Type
- string
- Description
Your client secret from the Credentials page.
Response attributes
- Name
access_token- Type
- string
- Description
The JWT token to use for API requests.
- Name
expires_in- Type
- integer
- Description
Token validity period in seconds (300 seconds / 5 minutes).
- Name
refresh_expires_in- Type
- integer
- Description
Refresh token validity period in seconds (1800 seconds / 30 minutes).
- Name
token_type- Type
- string
- Description
Always set to
Bearer.
Get access token
curl -X POST https://oidc.link-demo.stacc.live/realms/champ-mortgage-no/protocol/openid-connect/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id={client_id}" \
-d "client_secret={client_secret}"
Using the access token
Add the access token to your request headers using the Bearer scheme. The token must be included in all API requests.
Always keep your credentials safe and reset them if you suspect they have been compromised.
Example
curl https://api-gateway.demo.mortgage.link-demo.stacc.live/api/mortgage \
-H "Authorization: Bearer {access_token}"