The Certificate Based Authentication (CBA) flow is suitable for server-to-server integrations where authentication must be done without human intervention.
JSON Web Token (JWT) is used to securely transmit information between the application and Saxo Bank.
Note: The CBA flow is not available for most apps. You need to contact Saxo Bank to apply for approval.
A tutorial on this grant type: https://www.developer.saxo/openapi/learn/oauth-certificate-based-authentication
Steps:
- You already have an account on SIM. With the CBA you'll sign in with this account.
- Sign in on SaxoTraderGO on SIM using Chrome to get a certificate. There is a manual for this. Saxo cannot do this for you, the certificate is confidential.
- Create an app dedicated for this purpose. Use the Grant Type "Code". The Redirect URL can be any URL, but try to make it unique. If it is not unique, Saxo will create a unique URL for you.
- Ask Saxo to give your app CBA privileges. For this, Saxo needs your ClientId and AppKey.
- Once your app has CBA privileges, you're good to go. See the GitHub for a Node.js and C# sample.
- Convert the p12 certificate to a PEM file by using this command (the output file is given a .php extension, to prevent it from being downloaded in case you mistakenly(!) place it on a webserver):
  ```
  openssl pkcs12 -in 6B000007CA3413AA65FEA7F1230002000007CA.p12 -out private-key-with-cert.pem.php -clcerts -nodes -passin pass:GdhqABCD
  ```
The password is provided when generating the p12 file.
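
The conversion step above, as an added example that is not part of the Saxo samples: it reads the p12 password from an environment variable, creates the unencrypted PEM owner-only, and checks that the key and certificate in the result belong together. The function names, the `P12_PASS` variable, the file names and the throwaway self-signed certificate are all assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. Sample certificate, file names and password are constructed.

# convert_p12 <in.p12> <out.pem>
# Reads the import password from the exported P12_PASS variable instead of
# "-passin pass:...", which puts it in the process arguments and shell history.
convert_p12() {
    (
        umask 077   # -nodes writes the key unencrypted, so create the file owner-only
        openssl pkcs12 -in "$1" -out "$2" -clcerts -nodes -passin env:P12_PASS 2>/dev/null
    )
}

# owner_only <file>: true when the mode is exactly rw-------
owner_only() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# key_matches_cert <pem>: true when the certificate and private key in the
# file share one public key (catches a truncated or mixed-up conversion).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_sample_p12 <dir>: builds a throwaway self-signed identity for the demo.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=cba-example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sample.p12" -passout env:P12_PASS
}

run_demo() {
    dir=$(mktemp -d) || return 1
    P12_PASS='constructed-demo-pass'; export P12_PASS
    make_sample_p12 "$dir" &&
    convert_p12 "$dir/sample.p12" "$dir/key-with-cert.pem" &&
    owner_only "$dir/key-with-cert.pem" &&
    key_matches_cert "$dir/key-with-cert.pem"
    rc=$?
    rm -rf "$dir"
    return $rc
}

run_demo && echo "conversion verified"
```

The umask only applies when the output file is newly created; an existing file keeps its current mode.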