Authentication
post
https://{domain}.biapi.pro/2.0
/auth/init
Create a new user and generate an associated access token
get
https://{domain}.biapi.pro/2.0
/auth/token/code
Generate a temporary code
post
https://{domain}.biapi.pro/2.0
/auth/token/access
Exchange a temporary code for a permanent user access token
delete
https://{domain}.biapi.pro/2.0
/auth/token
Revoke an access token
post
https://{domain}.biapi.pro/2.0
/auth/renew
Generate a new token for an existing user
post
https://{domain}.biapi.pro/2.0
/auth/token
Generate a service token
Property | Type | Required | Description |
---|---|---|---|
client_id | String | No | The ID of the calling client application. |
client_secret | String | No | The client secret associated with the client ID. |
If your client application credentials (
client_id
and client_secret
) are both supplied, the generated token will be permanent. Otherwise, the token will expire in 30 minutes.By default, the created user is temporary and will be deleted after 30 minutes if no permanent token is generated during this timeframe.
Property | Type | Description |
---|---|---|
auth_token | String | An access token to use for subsequent API calls. |
type | String | The type of the token, temporary or permanent . |
id_user | Integer | ID of the created user. |
expires_in | Integer or null | The optional expiration delay of the token, in seconds. |
Value | Description |
---|---|
singleAccess | The code can only be used once. |
requestAccess | The code expires after 30 min. |
Property | Type | Description |
---|---|---|
code | String | The generated temporary code. |
type | String | The type of the generated code. The only value is temporary . |
access | String | The type of access granted, single or standard . |
expires_in | Integer or null | The expiration delay of the code, in seconds. |
Name | Type | Required | Description |
---|---|---|---|
grant_type | String | No | The only accepted (and default) value is authorization_code . |
client_id | String | Yes | The ID of the calling client application. |
client_secret | String | Yes | The client secret associated with the client ID. |
code | String | Yes | The temporary code that was delivered. |
Property | Type | Description |
---|---|---|
access_token | String | The generated permanent user access token. |
token_type | String | The type of token. The only value is Bearer . |
Name | Type | Required | Description |
---|---|---|---|
grant_type | String | Yes | The only accepted value is client_credentials . |
client_id | String | Yes | The ID of the calling client application. |
client_secret | String | Yes | The client secret associated to the client ID. |
scope | Yes | The permission scopes to authorize for this token.
It can be a simple string value, or an array for multiple scopes. |
Product | Name | Description |
---|---|---|
Pay | payments:admin | Grants all rights on payments. |
Pay | payments:read-only | Only GET requests are allowed on payments. |
Pay | payments:allow-sensitive | Grants read access on sensitive information for payments. |
Pay | payments:validate | Allows to execute payments. |
Pay | payments:cancel | Allows to submit payment cancellation requests. |
Pay | payments | (Deprecated). Alias for payments:admin . |
Property | Type | Description |
---|---|---|
token | String | The generated service token. |
scope | String | The service token dedicated scope. |
Name | Type | Required | Description |
---|---|---|---|
grant_type | String | Yes | The only accepted value is client_credentials . |
client_id | String | Yes | The ID of the calling client application. |
client_secret | String | Yes | The client secret associated with the client ID. |
id_user | Integer | Yes | User for whom the token has to be generated. If not supplied, a user will be created. |
revoke_previous | Boolean | No | If true, all other permanent tokens for the user will be deleted. The default is false. |
Last modified 1mo ago