Go to ContentGo to Sidebar navigation
Menu
Enterprise Auth

Enterprise Authentication

Access to the Enterprise API requires use of the Enterprise Authentication API. You can test the available features, data and possibilities in sandbox environment freely, but partnerships and access to production environment will be evaluated on an case by case basis.

The authentication is based on a client ID and a client secret that should be used to obtain access tokens to access the Enterprise API. The client ID and client secret are provided by SBAB when a partnership is established.

Client Credentials

All of Enterprise API operations require an access token obtained through basic auth using client credentials.

For this simple flow, you only have to request a new access token using your client ID and client secret. In the sandbox that role is taken by your personal bearer token, like so:

curl -X POST \ "https://developer.sbab.se/sandbox/api/auth/1.0/token" \ -H "Accept: application/json" \ -H "Authorization: Bearer 12345678-90ab-cdef-1234-567890abcdef" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d grant_type=client_credentials

The response would look like the following:

{ "access_token": "3b536ddc-986a-477c-8cf5-ce1e867845a4", "expires_in": 1800, "token_type": "bearer" }

Bearer token authentication in sandbox

A personal sandbox account can be used to authenticate in the sandbox, and you can create one here if you haven't done so yet, free of charge.

The authorization key you receive when registering is a bearer token that should be sent on the Authorization header of every request during the authorization flows under enterprise section in the sandbox.

Note that the client credential token that can be obtained in the sandbox can not be used to as authentication for the other calls in the sandbox.

Sandbox testing

Test the API

Production Gateway URL

When you move into production use of our APIs, remember to change the domain from the sandbox one to the production one:

https://api.sbab.se