Authentication Method

The Card Issuing API enforces HTTP Bearer Token authentication on incoming requests. The credentials are carried in the standard Authorization header of each request.

Obtaining tokens

StraitsX distributes the client ID and secret directly to customers via email. Before you start consuming the endpoint, please use the shared credentials to obtain a token.

Securing your API Keys

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authorization and Authentication Server

The Sandbox and Production environments both use the same authentication server:

https://sso.straitsx.com/auth/realms/xfers-internal/protocol/openid-connect/token

Obtaining the access token

To retrieve an access token for testing purposes, please run this in the terminal:

curl --request POST \
  --url https://sso.straitsx.com/auth/realms/xfers-internal/protocol/openid-connect/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=<your_client_id> \
  --data client_secret=<your_client_secret> \
  --data scope=openid

You can also request the access token from the programming language you're using.
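The same client-credentials request in Python, as an added example that is not StraitsX's own code. It assumes the token endpoint returns the standard OAuth 2.0 JSON fields (access_token, token_type, expires_in), which this page does not show, and the environment variable names STRAITSX_CLIENT_ID and STRAITSX_CLIENT_SECRET are hypothetical.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Token endpoint as given on this page (shared by Sandbox and Production).
TOKEN_URL = ("https://sso.straitsx.com/auth/realms/xfers-internal"
             "/protocol/openid-connect/token")


def build_token_request(client_id, client_secret):
    """Build the same form-encoded POST as the curl command above."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "openid",
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(body, now=None):
    """Return (access_token, expiry_epoch); reject non-Bearer replies."""
    doc = json.loads(body)
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("token endpoint did not return a bearer access token")
    now = time.time() if now is None else now
    # Assumption: standard OAuth 2.0 'expires_in' (seconds); refresh 30 s early.
    return doc["access_token"], now + int(doc.get("expires_in", 0)) - 30


def bearer_headers(access_token):
    """Authorization header to send with Card Issuing API calls."""
    return {"Authorization": "Bearer " + access_token}


def fetch_token():
    """Read credentials from the environment (hypothetical variable names)."""
    req = build_token_request(os.environ["STRAITSX_CLIENT_ID"],
                              os.environ["STRAITSX_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:  # TLS verified by default
        return parse_token_response(resp.read())


if __name__ == "__main__":
    token, expires_at = fetch_token()
    print("token obtained; valid until epoch", int(expires_at))
```

Reading the secret from the environment keeps it out of source control, and the script prints only the expiry time, never the token itself.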

Once you have obtained the access token, you are ready to begin using our Card Issuing API!