Authentication

API endpoints
User tokens
post
https://{domain}.biapi.pro/2.0
/auth/init
Create a new user and generate an associated access token
get
https://{domain}.biapi.pro/2.0
/auth/code
Generate a temporary code
post
https://{domain}.biapi.pro/2.0
/auth/token/access
Exchange a temporary code for a permanent user access token
delete
https://{domain}.biapi.pro/2.0
/auth/token
Revoke an access token
post
https://{domain}.biapi.pro/2.0
/auth/token/renew
Generate a new token for an existing user
Service tokens
post
https://{domain}.biapi.pro/2.0
/auth/token
Generate a service token
Data model
AuthTokenInitRequest object
Property
Type
Required
Description
client_id
String
No
The ID of the calling client application.
client_secret
String
No
The client secret associated with the client ID.
If your client application credentials (client_id and client_secret) are both supplied, the generated token will be permanent. Otherwise, the token will expire in 30 minutes.
By default, the created user is temporary and will be deleted after 30 minutes if no permanent token is generated during this timeframe.
AuthToken object
Property
Type
Description
auth_token
String
An access token to use for subsequent API calls.
type
String
The type of the token, temporary or permanent .
id_user
Integer
ID of the created user.
expires_in
Integer or null
The optional expiration delay of the token, in seconds.
AuthTokenType value
Value
Description
singleAccess
The code can only be used once.
requestAccess
The code expires after 30 min.
AuthCode object
Property
Type
Description
code
String
The generated temporary code.
type
String
The type of the generated code. The only value is temporary.
access
String
The type of access granted, single or standard.
expires_in
Integer or null
The expiration delay of the code, in seconds.
AuthTokenExchangeRequest object
Name
Type
Required
Description
grant_type
String
No
The only accepted (and default) value is authorization_code.
client_id
String
Yes
The ID of the calling client application.
client_secret
String
Yes
The client secret associated with the client ID.
code
String
Yes
The temporary code that was delivered.
AuthTokenExchange object
Property
Type
Description
access_token
String
The generated permanent user access token.
token_type
String
The type of token. The only value is Bearer.
AuthServiceTokenRequest object
Name
Type
Required
Description
grant_type
String
Yes
The only accepted value is client_credentials.
client_id
String
Yes
The ID of the calling client application.
client_secret
String
Yes
The client secret associated to the client ID.
scope
​AuthScope string or array
Yes
The permission scopes to authorize for this token.
It can be a simple string value, or an array for multiple scopes.
AuthScope values
Product
Name
Description
Pay
payments:admin
Grants all rights on payments.
Pay
payments:read-only
Only GET requests are allowed on payments.
Pay
payments:allow-sensitive
Grants read access on sensitive information for payments.
Pay
payments:validate
Allows to execute payments.
Pay
payments:cancel
Allows to submit payment cancellation requests.
Pay
payments
(Deprecated). Alias for payments:admin.
AuthServiceToken object
Property
Type
Description
token
String
The generated service token.
scope
String
The service token dedicated scope.
AuthTokenRenewRequest object
Name
Type
Required
Description
grant_type
String
Yes
The only accepted value is client_credentials.
client_id
String
Yes
The ID of the calling client application.
client_secret
String
Yes
The client secret associated with the client ID.
id_user
Integer
Yes
User for whom the token has to be generated. If not supplied, a user will be created.
revoke_previous
Boolean
No
If true, all other permanent tokens for the user will be deleted. The default is false.

Property	Type	Required	Description
`client_id`	String	No	The ID of the calling client application.
`client_secret`	String	No	The client secret associated with the client ID.

Property	Type	Description
`auth_token`	String	An access token to use for subsequent API calls.
`type`	String	The type of the token, `temporary` or `permanent` .
`id_user`	Integer	ID of the created user.
`expires_in`	Integer or null	The optional expiration delay of the token, in seconds.

Value	Description
`singleAccess`	The code can only be used once.
`requestAccess`	The code expires after 30 min.

Property	Type	Description
`code`	String	The generated temporary code.
`type`	String	The type of the generated code. The only value is `temporary`.
`access`	String	The type of access granted, `single` or `standard`.
`expires_in`	Integer or null	The expiration delay of the code, in seconds.

Name	Type	Required	Description
`grant_type`	String	No	The only accepted (and default) value is `authorization_code`.
`client_id`	String	Yes	The ID of the calling client application.
`client_secret`	String	Yes	The client secret associated with the client ID.
`code`	String	Yes	The temporary code that was delivered.

Property	Type	Description
`access_token`	String	The generated permanent user access token.
`token_type`	String	The type of token. The only value is `Bearer`.

Name	Type	Required	Description
`grant_type`	String	Yes	The only accepted value is `client_credentials`.
`client_id`	String	Yes	The ID of the calling client application.
`client_secret`	String	Yes	The client secret associated to the client ID.
`scope`	AuthScope string or array	Yes	The permission scopes to authorize for this token. It can be a simple string value, or an array for multiple scopes.

Product	Name	Description
Pay	`payments:admin`	Grants all rights on payments.
Pay	`payments:read-only`	Only GET requests are allowed on payments.
Pay	`payments:allow-sensitive`	Grants read access on sensitive information for payments.
Pay	`payments:validate`	Allows to execute payments.
Pay	`payments:cancel`	Allows to submit payment cancellation requests.
Pay	`payments`	(Deprecated). Alias for `payments:admin`.

Property	Type	Description
`token`	String	The generated service token.
`scope`	String	The service token dedicated scope.

Name	Type	Required	Description
`grant_type`	String	Yes	The only accepted value is `client_credentials`.
`client_id`	String	Yes	The ID of the calling client application.
`client_secret`	String	Yes	The client secret associated with the client ID.
`id_user`	Integer	Yes	User for whom the token has to be generated. If not supplied, a user will be created.
`revoke_previous`	Boolean	No	If true, all other permanent tokens for the user will be deleted. The default is false.

Last modified 1mo ago