Retrieve access token

Introduction

Before actually making any requests to the host-to-host API, you first need an access token from our identity provider. Make sure that you have your client_id and client_secret ready for the environment you will be using.

AuthenticationRetrieve access token

Authentication follows the Open ID Connect Client credentials flow. If you're not using an Open ID Connect client, you can generate tokens manually using the create access token API call.

Tokens will expire after a certain amount of time, and new tokens should only be created when the old tokens have expired.

Do not create a token for each call

Identity provider url

https://iam-test.sticitt.co.za

https://iam.sticitt.co.za

Endpoint

Use x-www-form-urlencoded data format for the request to align with Open ID Connect Specification.


POST	/connect/token

Request

client_id=your-client-id&
client_secret=your-client-secret&
grant_type=client_credentials&
scope=pay-sdk-api

Field	Description
client_id	API ID assigned to you
client_secret	API password securely assigned to you
grant_type	'client_credentials'
scope	'pay-sdk-api'

Response

    {
        "access_token": "your-access-token",
        "expires_in": 31104000,
        "token_type": "Bearer"
    } 

Field	Description
access_token	Fully contained JWT token used to
expires_in	Time in seconds
token_type	'Bearer'

Possible Responses

Status Code	Description	Reason
200	Success
400	Bad Request	At least one of the arguments are invalid
401	Unauthorized	Credentials invalid

Code sample

Here's a code sample as to what this request might look like.

using System;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {
        await GetAccessTokenAsync();
    }

    static async Task GetAccessTokenAsync()
    {
        using (HttpClient client = new HttpClient())
        {
            var content = new FormUrlEncodedContent(new[]
            {
                new KeyValuePair<string, string>("grant_type", "client_credentials"),
                new KeyValuePair<string, string>("scope", "pay-sdk-api"),
                new KeyValuePair<string, string>("client_id", "your-client-id"),
                new KeyValuePair<string, string>("client_secret", "your-client-id-secret")
            });

            var response = await client.PostAsync("https://iam-test.sticitt.co.za/connect/token/", content);

            if (response.IsSuccessStatusCode)
            {
                var result = await response.Content.ReadAsStringAsync();
                Console.WriteLine(result);
            }
            else
            {
                Console.WriteLine($"Error: {response.StatusCode}");
            }
        }
    }
}

import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpHeaders;
import java.net.http.HttpHeaders;
import java.util.Map;
import java.util.concurrent.CompletableFuture;

public class Main {

    public static void main(String[] args) {
        getAccessToken();
    }

    public static void getAccessToken() {
        HttpClient client = HttpClient.newHttpClient();

        // Build the form data
        String formData = "grant_type=client_credentials&scope=pay-sdk-api&client_id=your-client-id&client_secret=your-client-id-secret";

        HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create("https://iam-test.sticitt.co.za/connect/token/"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(formData))
                .build();

        client.sendAsync(request, HttpResponse.BodyHandlers.ofString())
                .thenApply(response -> {
                    if (response.statusCode() == 200) {
                        System.out.println(response.body());
                    } else {
                        System.out.println("Error: " + response.statusCode());
                    }
                    return response;
                })
                .join();
    }
}

<?php

$url = 'https://iam-test.sticitt.co.za/connect/token/';
$data = array(
    'grant_type' => 'client_credentials',
    'scope' => 'pay-sdk-api',
    'client_id' => 'your-client-id',
    'client_secret' => 'your-client-id-secret'
);

$options = array(
    'http' => array(
        'header' => "Content-type: application/x-www-form-urlencoded\r\n",
        'method' => 'POST',
        'content' => http_build_query($data),
    ),
);

$context = stream_context_create($options);
$result = file_get_contents($url, false, $context);

if ($result === FALSE) {
    // Handle error
    echo "Error occurred while making the request.";
} else {
    echo $result;
}
?>

const axios = require('axios');

const url = 'https://iam-test.sticitt.co.za/connect/token/';
const data = {
    grant_type: 'client_credentials',
    scope: 'pay-sdk-api',
    client_id: 'your-client-id',
    client_secret: 'your-client-secret'
};

const headers = {
    'Content-Type': 'application/x-www-form-urlencoded'
};

axios.post(url, new URLSearchParams(data), { headers })
    .then(response => {
        console.log(response.data);
    })
    .catch(error => {
        console.error(`Error: ${error.response.status}`);
    });

import requests

url = "https://iam-test.sticitt.co.za/connect/token/"
data = {
    "grant_type": "client_credentials",
    "scope": "pay-sdk-api",
    "client_id": "your-client-id",
    "client_secret": "your-client-secret"
}

headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}

response = requests.post(url, data=data, headers=headers)

if response.status_code == 200:
    print(response.text)
else:
    print(f"Error: {response.status_code}")

Last modified: 20 February 2025