Authentication

You'll need to authenticate your requests to access any of the endpoints in Stacc Mortgage API. We use Keycloak for authentication, implementing the OAuth2 client credentials flow.

Getting an access token

When establishing a connection using OAuth2, you will need your client_id and client_secret — you can find your clients on the Credentials page.

To get an access token, send a POST request to the Keycloak token endpoint. The response will include your access token and its expiration details.

Required attributes

  • Name
    grant_type
    Type
    string
    Description

    Must be set to client_credentials.

  • Name
    client_id
    Type
    string
    Description

    Your client ID from the Credentials page.

  • Name
    client_secret
    Type
    string
    Description

    Your client secret from the Credentials page.

Response attributes

  • Name
    access_token
    Type
    string
    Description

    The JWT token to use for API requests.

  • Name
    expires_in
    Type
    integer
    Description

    Token validity period in seconds (300 seconds / 5 minutes).

  • Name
    refresh_expires_in
    Type
    integer
    Description

    Refresh token validity period in seconds (1800 seconds / 30 minutes).

  • Name
    token_type
    Type
    string
    Description

    Always set to Bearer.

Get access token

POST
/token
curl -X POST https://oidc.link-demo.stacc.live/realms/champ-mortgage-no/protocol/openid-connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id={client_id}" \
  -d "client_secret={client_secret}"

Using the access token

Add the access token to your request headers using the Bearer scheme. The token must be included in all API requests.

Example

GET
/api/mortgage
curl https://api-gateway.demo.mortgage.link-demo.stacc.live/api/mortgage \
  -H "Authorization: Bearer {access_token}"