Enterprise Authentication
Access to the Enterprise API requires use of the Enterprise Authentication API. You can test the available features, data and possibilities in sandbox environment freely, but partnerships and access to production environment will be evaluated on an case by case basis.
The authentication is based on a client ID and a client secret that should be used to obtain access tokens to access the Enterprise API. The client ID and client secret are provided by SBAB when a partnership is established.
Client Credentials
All of Enterprise API operations require an access token obtained through basic auth using client credentials.
For this simple flow, you only have to request a new access token using your client ID and client secret. In the sandbox that role is taken by your personal bearer token, like so:
curl -X POST \
"https://developer.sbab.se/sandbox/api/auth/1.0/token" \
-H "Accept: application/json" \
-H "Authorization: Bearer 12345678-90ab-cdef-1234-567890abcdef" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d grant_type=client_credentialsThe response would look like the following:
{
"access_token": "3b536ddc-986a-477c-8cf5-ce1e867845a4",
"expires_in": 1800,
"token_type": "bearer"
}Bearer token authentication in sandbox
A personal sandbox account can be used to authenticate in the sandbox, and you can create one here if you haven't done so yet, free of charge.
The authorization key you receive when registering is a bearer token that should be sent on the Authorization header
of every request during the authorization flows under enterprise section in the sandbox.
Note that the client credential token that can be obtained in the sandbox can not be used to as authentication for the other calls in the sandbox.
Sandbox testing
Test the API
Production Gateway URL
When you move into production use of our APIs, remember to change the domain from the sandbox one to the production one:
https://api.sbab.se