Authentication

All SICORE API requests require a valid Bearer token in the Authorization header.

Getting credentials

Contact SICORE to request API access. Once approved, you will receive a JSON key file for your service account containing a private key, key ID, and user ID.

Obtaining an access token

Exchange your JSON key for a short-lived access token using the JWT Bearer grant.

1. Sign a JWT assertion

Sign a JWT with your private key using the following claims:

| Claim | Value |
| --- | --- |
| iss | the userId from your JSON key |
| sub | the userId from your JSON key |
| aud | https://zitadel.sicore.dev |
| iat | current timestamp |
| exp | current timestamp + 300 (5 minutes) |

Use algorithm RS256 and set the kid header to the keyId from your JSON key.

2. Exchange the assertion for a token

curl -X POST https://zitadel.sicore.dev/oauth/v2/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer" \
-d "assertion=<signed-jwt>" \
-d "scope=openid urn:zitadel:iam:org:project:id:367445547600120900:aud urn:zitadel:iam:org:projects:roles"

The response contains an access_token field. The token is valid for 12 hours.
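Step 1 above can be done with nothing but openssl. The following is an added example, not SICORE's own code: the function names are hypothetical, and it assumes the private key from your JSON key has been saved to a PEM file and that keyId and userId are passed as arguments.

```bash
#!/usr/bin/env bash
# Added example: build and locally check the RS256 assertion with openssl.
# Assumption: the private key from the JSON key is saved as a PEM file.

# base64url-encode stdin without padding (RFC 7515)
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# make_assertion <private-key.pem> <keyId> <userId>
make_assertion() {
  local pem="$1" key_id="$2" user_id="$3" now header claims sig
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","kid":"%s"}' "$key_id" | b64url)
  claims=$(printf '{"iss":"%s","sub":"%s","aud":"%s","iat":%d,"exp":%d}' \
    "$user_id" "$user_id" "https://zitadel.sicore.dev" \
    "$now" "$((now + 300))" | b64url)
  # RS256 = RSASSA-PKCS1-v1_5 over SHA-256 of "<header>.<claims>"
  sig=$(printf '%s' "$header.$claims" |
    openssl dgst -sha256 -sign "$pem" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
}

# jwt_segment <jwt> <1|2|3>: decode one segment (restores the padding)
jwt_segment() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f"$2" | tr '_-' '/+')
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="$seg="; done
  printf '%s' "$seg" | openssl base64 -d -A
}

# verify_assertion <public-key.pem> <jwt>: returns 0 if the signature is valid
verify_assertion() {
  local sigfile rc=0
  sigfile=$(mktemp)
  jwt_segment "$2" 3 > "$sigfile"
  printf '%s' "${2%.*}" |
    openssl dgst -sha256 -verify "$1" -signature "$sigfile" >/dev/null 2>&1 || rc=$?
  rm -f "$sigfile"
  return "$rc"
}
```

The output of make_assertion is the value to send as assertion=<signed-jwt> in step 2. jwt_segment lets you inspect the header and claims locally before sending them.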

Using the token

Include the access token in every request:

curl https://api.sicore.dev/v1/valuations \
-H "Authorization: Bearer <access_token>"

Error handling

| Status | Meaning |
| --- | --- |
| 401 | Token is missing, invalid, or expired |

If your token has expired, obtain a new one by repeating the token exchange. If your key has been revoked, contact SICORE.