Authentication

API endpoints

User tokens

Create a new user and generate an associated access token

POST https://{domain}.biapi.pro/2.0/auth/init

This endpoint generates a new access token related to a new user.

Request body: AuthTokenInitRequest object

Response body: AuthToken object

Generate a temporary code

GET https://{domain}.biapi.pro/2.0/auth/token/code

This endpoint generates a new temporary code for the current user.

This endpoint requires header authentication with a valid user access token.

In case the access token is already used by a trusted device, and you want to temporarily let another one (for example a web browser) access user resources, use this endpoint to generate a code that will expire in 30 minutes. If the generated code is intended to be used with our webview, you can use the singleAccess token type.

Query Parameters

Response body: AuthCode object

Exchange a temporary code for a permanent user access token

POST https://{domain}.biapi.pro/2.0/auth/token/access

This endpoint uses a temporary code to generate a permanent user access token.

Request body: AuthTokenExchangeRequest object

Revoke an access token

DELETE https://{domain}.biapi.pro/2.0/auth/token

This endpoint invalidates permanent access tokens. Subsequent calls using the provided permanent access token will fail.

The invalidated token is the one that is provided in the header for authentication.

Generate a new token for an existing user

POST https://{domain}.biapi.pro/2.0/auth/renew

This endpoint generates a new permanent access token for an existing user, and revokes former tokens if explicitly requested.

Request body: AuthRenewRequest object

Create a new user and generate an associated access token

POST https://{domain}.biapi.pro/2.0/auth/init

Generate a temporary code

GET https://{domain}.biapi.pro/2.0/auth/token/code

Query Parameters

Exchange a temporary code for a permanent user access token

POST https://{domain}.biapi.pro/2.0/auth/token/access

Revoke an access token

DELETE https://{domain}.biapi.pro/2.0/auth/token

Generate a new token for an existing user

POST https://{domain}.biapi.pro/2.0/auth/renew

Service tokens

Generate a service token

POST https://{domain}.biapi.pro/2.0/auth/token

This endpoint generates a special access token with a dedicated service scope. The generated token will expire after 30 minutes.

A service token is a token that is not associated with a user but rather used to access a specific feature or service. For example, the Pay product requires the use of a payment token.

Request body: AuthServiceTokenRequest object

Generate a service token

POST https://{domain}.biapi.pro/2.0/auth/token

Data model

AuthTokenInitRequest object

If your client application credentials (client_id and client_secret) are both supplied, the generated token will be permanent. Otherwise, the token will expire in 30 minutes.

By default, the created user is temporary and will be deleted after 30 minutes if no permanent token is generated during this timeframe.

AuthToken object

AuthTokenType value

AuthCode object

AuthTokenExchangeRequest object

AuthTokenExchange object

AuthServiceTokenRequest object

AuthScope values

AuthServiceToken object

AuthRenewRequest object

Last updated