Links

Authentication

API endpoints

User tokens

post
https://{domain}.biapi.pro/2.0
/auth/init
Create a new user and generate an associated access token
get
https://{domain}.biapi.pro/2.0
/auth/token/code
Generate a temporary code
post
https://{domain}.biapi.pro/2.0
/auth/token/access
Exchange a temporary code for a permanent user access token
delete
https://{domain}.biapi.pro/2.0
/auth/token
Revoke an access token
post
https://{domain}.biapi.pro/2.0
/auth/renew
Generate a new token for an existing user

Service tokens

post
https://{domain}.biapi.pro/2.0
/auth/token
Generate a service token

Data model

AuthTokenInitRequest object

Property
Type
Required
Description
client_id
String
No
The ID of the calling client application.
client_secret
String
No
The client secret associated with the client ID.
If your client application credentials (client_id and client_secret) are both supplied, the generated token will be permanent. Otherwise, the token will expire in 30 minutes.
By default, the created user is temporary and will be deleted after 30 minutes if no permanent token is generated during this timeframe.

AuthToken object

Property
Type
Description
auth_token
String
An access token to use for subsequent API calls.
type
String
The type of the token, temporary or permanent .
id_user
Integer
ID of the created user.
expires_in
Integer or null
The optional expiration delay of the token, in seconds.

AuthTokenType value

Value
Description
singleAccess
The code can only be used once.
requestAccess
The code expires after 30 min.

AuthCode object

Property
Type
Description
code
String
The generated temporary code.
type
String
The type of the generated code. The only value is temporary.
access
String
The type of access granted, single or standard.
expires_in
Integer or null
The expiration delay of the code, in seconds.

AuthTokenExchangeRequest object

Name
Type
Required
Description
grant_type
String
No
The only accepted (and default) value is authorization_code.
client_id
String
Yes
The ID of the calling client application.
client_secret
String
Yes
The client secret associated with the client ID.
code
String
Yes
The temporary code that was delivered.

AuthTokenExchange object

Property
Type
Description
access_token
String
The generated permanent user access token.
token_type
String
The type of token. The only value is Bearer.

AuthServiceTokenRequest object

Name
Type
Required
Description
grant_type
String
Yes
The only accepted value is client_credentials.
client_id
String
Yes
The ID of the calling client application.
client_secret
String
Yes
The client secret associated to the client ID.
scope
AuthScope string or array
Yes
The permission scopes to authorize for this token. It can be a simple string value, or an array for multiple scopes.

AuthScope values

Product
Name
Description
Pay
payments:admin
Grants all rights on payments.
Pay
payments:read-only
Only GET requests are allowed on payments.
Pay
payments:allow-sensitive
Grants read access on sensitive information for payments.
Pay
payments:validate
Allows to execute payments.
Pay
payments:cancel
Allows to submit payment cancellation requests.
Pay
payments
(Deprecated). Alias for payments:admin.

AuthServiceToken object

Property
Type
Description
token
String
The generated service token.
scope
String
The service token dedicated scope.

AuthRenewRequest object

Name
Type
Required
Description
grant_type
String
Yes
The only accepted value is client_credentials.
client_id
String
Yes
The ID of the calling client application.
client_secret
String
Yes
The client secret associated with the client ID.
id_user
Integer
Yes
User for whom the token has to be generated. If not supplied, a user will be created.
revoke_previous
Boolean
No
If true, all other permanent tokens for the user will be deleted. The default is false.