Authentication
API endpoints
User tokens
Create a new user and generate an associated access token
POST https://{domain}.biapi.pro/2.0/auth/init
This endpoint generates a new access token related to a new user.
Request body: AuthTokenInitRequest object
Response body: AuthToken object
Generate a temporary code
GET https://{domain}.biapi.pro/2.0/auth/token/code
This endpoint generates a new temporary code for the current user.
This endpoint requires header authentication with a valid user access token.
In case the access token is already used by a trusted device, and you want to temporarily let another one (for example a web browser) access user resources, use this endpoint to generate a code that will expire in 30 minutes. If the generated code is intended to be used with our webview, you can use the singleAccess token type.
Query Parameters
| Name | Type | Description |
|---|---|---|
type | String | Type of the temporary code. |
Response body: AuthCode object
Exchange a temporary code for a permanent user access token
POST https://{domain}.biapi.pro/2.0/auth/token/access
This endpoint uses a temporary code to generate a permanent user access token.
Request body: AuthTokenExchangeRequest object
Response body: AuthTokenExchange object
Revoke an access token
DELETE https://{domain}.biapi.pro/2.0/auth/token
This endpoint invalidates permanent access tokens. Subsequent calls using the provided permanent access token will fail.
The invalidated token is the one that is provided in the header for authentication.
Generate a new token for an existing user
POST https://{domain}.biapi.pro/2.0/auth/renew
This endpoint generates a new permanent access token for an existing user, and revokes former tokens if explicitly requested.
Request body: AuthRenewRequest object
Response body: AuthTokenExchange object
Create a new user and generate an associated access token
POST https://{domain}.biapi.pro/2.0/auth/init
Generate a temporary code
GET https://{domain}.biapi.pro/2.0/auth/token/code
Query Parameters
| Name | Type | Description |
|---|---|---|
type | String | tWTP6Ewv25HX |
Exchange a temporary code for a permanent user access token
POST https://{domain}.biapi.pro/2.0/auth/token/access
Revoke an access token
DELETE https://{domain}.biapi.pro/2.0/auth/token
Generate a new token for an existing user
POST https://{domain}.biapi.pro/2.0/auth/renew
Service tokens
Generate a service token
POST https://{domain}.biapi.pro/2.0/auth/token
This endpoint generates a special access token with a dedicated service scope. The generated token will expire after 30 minutes.
A service token is a token that is not associated with a user but rather used to access a specific feature or service. For example, the Pay product requires the use of a payment token.
Request body: AuthServiceTokenRequest object
Response body: AuthServiceToken object
Generate a service token
POST https://{domain}.biapi.pro/2.0/auth/token
Data model
AuthTokenInitRequest object
| Property | Type | Required | Description |
|---|---|---|---|
| String | No | The ID of the calling client application. |
| String | No | The client secret associated with the client ID. |
If your client application credentials (client_id and client_secret) are both supplied, the generated token will be permanent. Otherwise, the token will expire in 30 minutes.
By default, the created user is temporary and will be deleted after 30 minutes if no permanent token is generated during this timeframe.
AuthToken object
| Property | Type | Description |
|---|---|---|
| String | An access token to use for subsequent API calls. |
| String | The type of the token, |
| Integer | ID of the created user. |
| Integer or null | The optional expiration delay of the token, in seconds. |
AuthTokenType value
| Value | Description |
|---|---|
| The code can only be used once. |
| The code expires after 30 min. |
AuthCode object
| Property | Type | Description |
|---|---|---|
| String | The generated temporary code. |
| String | The type of the generated code. The only value is |
| String | The type of access granted, |
| Integer or null | The expiration delay of the code, in seconds. |
AuthTokenExchangeRequest object
| Name | Type | Required | Description |
|---|---|---|---|
| String | No | The only accepted (and default) value is |
| String | Yes | The ID of the calling client application. |
| String | Yes | The client secret associated with the client ID. |
| String | Yes | The temporary code that was delivered. |
AuthTokenExchange object
| Property | Type | Description |
|---|---|---|
| String | The generated permanent user access token. |
| String | The type of token. The only value is |
AuthServiceTokenRequest object
| Name | Type | Required | Description |
|---|---|---|---|
| String | Yes | The only accepted value is |
| String | Yes | The ID of the calling client application. |
| String | Yes | The client secret associated to the client ID. |
| AuthScope string or array | Yes | The permission scopes to authorize for this token. It can be a simple string value, or an array for multiple scopes. |
AuthScope values
| Product | Name | Description |
|---|---|---|
Pay |
| Grants all rights on payments. |
Pay |
| Only GET requests are allowed on payments. |
Pay |
| Grants read access on sensitive information for payments. |
Pay |
| Allows to execute payments. |
Pay |
| Allows to submit payment cancellation requests. |
Pay |
| (Deprecated). Alias for |
AuthServiceToken object
| Property | Type | Description |
|---|---|---|
| String | The generated service token. |
| String | The service token dedicated scope. |
AuthRenewRequest object
| Name | Type | Required | Description |
|---|---|---|---|
| String | Yes | The only accepted value is |
| String | Yes | The ID of the calling client application. |
| String | Yes | The client secret associated with the client ID. |
| Integer | Yes | User for whom the token has to be generated. If not supplied, a user will be created. |
| Boolean | No | If true, all other permanent tokens for the user will be deleted. The default is false. |
Last updated