Client-Credential-Flow

The Authorization API authenticates clients for the Europace APIs. Authenticating through it is a mandatory requirement for using Europace APIs.

Documentation

YAML YAML

Usecases

  • log in a user of my organization so that they can use the Europace APIs with their own identity

Quickstart

To test our APIs and your use case as quickly as possible, we’ve put together a Postman Collection for you.

How to get an access-token?

Requirements

To log in to Europace with the client-credential flow

example request:

POST /auth/token HTTP/1.1
Host: api.europace.de
Authorization: Basic RVdM...
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

grant_type=client_credentials

example response:

{  
   "access_token": [access_token],
   "scope": [available scopes],
   "token_type": "Bearer",
   "expires_in": 3600   
}

In this case, the access_token is created with the identity of the partner to which the client is registered.

The client's rights are those of that identity, filtered by scope. To know what your client is able to do, check the scopes in the response and shape the functions you provide accordingly.

How to call an API with access-token?

With the access_token as a Bearer token you can make requests to the Europace APIs. Request header variable: Authorization: Bearer [access_token]

Using the example of the Vorgaenge API:

GET /v2/vorgaenge HTTP/1.1
Host: api.europace2.de
Content-Type: application/json
Authorization: Bearer {access_token}

How to authenticate different users with one client? (Impersonation)

The impersonation OAuth2 method is used when the API needs the specific user and you don’t want to register a client for each user. It is enough to have one client for the organization that acts as a general key and can be used to log in users that the organization (resource owner) has access to.

example request:

POST /auth/token HTTP/1.1
Host: api.europace.de
Authorization: Basic RVdM...
Content-Type: application/x-www-form-urlencoded
Content-Length: 186

grant_type=client_credentials
&subject=ABC12
&actor=XYZ54
&scope=impersonieren%20baufinanzierung%3Avorgang%3Alesen

| Parameters | Description |
| --- | --- |
| Subject | the partnerId of the user to log in |
| Actor | the partnerId of the registered client. Note: The Actor partnerId must be placed above the Subject partnerId in the partner management structure, otherwise the necessary access rights are missing. There can be any number of scopes between the partnerIds. |
| Scope | space-separated list of scopes required for the token. Note: The scope impersonate (sent as impersonieren in the example request above) must be included if subject and actor are different or if just one of them is specified. |

Requested scopes are restricted according to the actor’s permissions and the client’s approval by the actor. It is possible to request restricted access by specifying specific scopes. A scope represents an authorization to perform actions on Europace. If no scopes are requested, the scope results from the scopes stored during client registration. The currently available scopes are maintained in an Overview.

example response:

{  
   "access_token": [access_token],
   "scope": [available scopes],
   "token_type": "Bearer",
   "expires_in": 3600   
}

The identity of the token represents the subject, not the partner where the client is registered.
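
The following Python code is an added example, not Europace's own code: it builds the token request shown above without sending it, applies the impersonation-scope rule from the note, and checks which required scopes a token response did not grant, since requested scopes can be restricted. The function names are hypothetical, and it assumes the Basic value is base64 of `client_id:client_secret` and that `scope` in the response is a space-separated string or a list.

```python
import base64
from urllib.parse import quote, urlencode

TOKEN_URL = "https://api.europace.de/auth/token"  # host and path from the example request
IMPERSONATION_SCOPE = "impersonieren"  # scope name as sent in the example request


def build_token_request(client_id, client_secret, scopes=(), subject=None, actor=None):
    """Return (headers, body) for POST /auth/token. Nothing is sent."""
    scopes = list(scopes)
    # Rule from the note: the impersonation scope is required when subject and
    # actor differ, which includes the case where only one of them is given.
    if subject != actor and IMPERSONATION_SCOPE not in scopes:
        scopes.insert(0, IMPERSONATION_SCOPE)
    fields = [("grant_type", "client_credentials")]
    if subject:
        fields.append(("subject", subject))
    if actor:
        fields.append(("actor", actor))
    if scopes:
        fields.append(("scope", " ".join(scopes)))
    # quote_via=quote encodes the scope separator as %20, as in the example request
    body = urlencode(fields, quote_via=quote)
    # Assumption: standard HTTP Basic encoding of client_id:client_secret
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, body


def missing_scopes(token_response, required):
    """Required scopes that are absent from the token response."""
    granted = token_response.get("scope", "")
    if isinstance(granted, str):  # assumption: space-separated string or list
        granted = granted.split()
    return sorted(set(required) - set(granted))


if __name__ == "__main__":
    needed = ["baufinanzierung:vorgang:lesen"]
    headers, body = build_token_request("my-client-id", "my-secret", needed,
                                        subject="ABC12", actor="XYZ54")
    print("POST", TOKEN_URL)
    print(body)
    # Constructed sample response in which the requested scope was restricted away
    sample = {"access_token": "constructed", "scope": "impersonieren",
              "token_type": "Bearer", "expires_in": 3600}
    print("missing:", missing_scopes(sample, needed))
```

Checking `missing_scopes` before calling an API lets the client fail early with a clear message instead of sending a token that lacks the needed scope.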

Terms of use

The APIs are made available under the following Terms of Use.

Support

If you have any questions or problems, you can contact devsupport@europace2.de.