API Clients

Registering OAuth clients via the admin portal and production settings.

You can register an OAuth client through our Admin portal. We will then generate a client_id and client_secret corresponding to your client. These credentials will be used to authenticate your client on every route of our Auth API.

To correctly authenticate your client, you will need to send your client credentials in the Authorization header in the following format:

Authorization: Basic Base64_encode(<client_id>:<client_secret>)

API Client Metadata

Accounts authorisation

When using our accounts authorisation API, you can connect using client_secret_basic client authentication, but we suggest using this method only when you first start using the API.

Below we outline the settings that API clients need in order to be used in Production. You should configure your API client that way as soon as you can.

Payments authorisation

When using our payments authorisation API, you can't use client_secret_basic client authentication. Instead, you will need the following settings:

  1. Either a JWKS registered or a jwks_uri configured, i.e. either the JWKS or JWKS_URI field filled in.
  2. Client Authentication configured to be private_key_jwt
  3. Request Object signing alg configured to be one of the RS*, ES* or PS* algorithms
  4. ID token signing alg configured to be one of the RS*, ES* or PS* algorithms
  5. Response type set to be code or code id token
  6. Grant types to be authorization_code, refresh_token and client_credentials. You will also need implicit if id token is set in the response type
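
The six settings above can be checked before a client is promoted to Production. The following is an added example, not code from this API or its Admin portal: the metadata field names follow RFC 7591 / OpenID Connect client registration and are an assumption about how the portal settings are named, and the two sample clients are constructed.

```python
# Added example: field names follow RFC 7591 / OIDC registration metadata and
# are an assumption about how the portal's settings map to client metadata.
ASYMMETRIC_PREFIXES = ("RS", "ES", "PS")
REQUIRED_GRANTS = {"authorization_code", "refresh_token", "client_credentials"}
ALLOWED_RESPONSE_TYPES = {"code", "code id_token"}


def payments_client_issues(meta: dict) -> list:
    """Return the settings that break the six payments requirements."""
    issues = []
    types = meta.get("response_types", [])
    # 1. A registered JWKS or a jwks_uri must be present.
    if not meta.get("jwks") and not meta.get("jwks_uri"):
        issues.append("jwks or jwks_uri must be set")
    # 2. client_secret_basic is not accepted for payments.
    if meta.get("token_endpoint_auth_method") != "private_key_jwt":
        issues.append("token_endpoint_auth_method must be private_key_jwt")
    # 3 and 4. Signing algs must be RS*, ES* or PS* (rules out none and HS*).
    for field in ("request_object_signing_alg", "id_token_signed_response_alg"):
        alg = meta.get(field) or ""
        if not alg.startswith(ASYMMETRIC_PREFIXES):
            issues.append(f"{field} must be an RS*, ES* or PS* algorithm")
    # 5. Response type is code or code id_token (compared order-insensitively).
    normalised = {" ".join(sorted(rt.split())) for rt in types}
    if not normalised or not normalised <= ALLOWED_RESPONSE_TYPES:
        issues.append("response_types must be code or code id_token")
    # 6. Required grants, plus implicit when an ID token is in the response type.
    needed = set(REQUIRED_GRANTS)
    if any("id_token" in rt.split() for rt in types):
        needed.add("implicit")
    missing = sorted(needed - set(meta.get("grant_types", [])))
    if missing:
        issues.append("grant_types missing: " + ", ".join(missing))
    return issues


# Constructed sample metadata (not taken from the page).
STARTER = {"token_endpoint_auth_method": "client_secret_basic",
           "id_token_signed_response_alg": "HS256",
           "response_types": ["code id_token"],
           "grant_types": ["authorization_code", "refresh_token"]}
PRODUCTION = {"jwks_uri": "https://client.example/jwks.json",
              "token_endpoint_auth_method": "private_key_jwt",
              "request_object_signing_alg": "PS256",
              "id_token_signed_response_alg": "PS256",
              "response_types": ["code"],
              "grant_types": sorted(REQUIRED_GRANTS)}

if __name__ == "__main__":
    for name, meta in (("starter", STARTER), ("production", PRODUCTION)):
        print(name, payments_client_issues(meta) or "ok")
```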

Production