Authentication
API endpoints
User tokens
Create a new user and generate an associated access token
POST
https://{domain}.biapi.pro/2.0/auth/init
This endpoint generates a new access token related to a new user.
Request body: AuthTokenInitRequest object
Response body: AuthToken object
Generate a temporary code
GET
https://{domain}.biapi.pro/2.0/auth/token/code
This endpoint generates a new temporary code for the current user.
This endpoint requires header authentication with a valid user access token.
In case the access token is already used by a trusted device, and you want to temporarily let another one (for example a web browser) access user resources, use this endpoint to generate a code that will expire in 30 minutes. If the generated code is intended to be used with our webview, you can use the singleAccess
token type.
Query Parameters
Response body: AuthCode object
Exchange a temporary code for a permanent user access token
POST
https://{domain}.biapi.pro/2.0/auth/token/access
This endpoint uses a temporary code to generate a permanent user access token.
Request body: AuthTokenExchangeRequest object
Response body: AuthTokenExchange object
Revoke an access token
DELETE
https://{domain}.biapi.pro/2.0/auth/token
This endpoint invalidates permanent access tokens. Subsequent calls using the provided permanent access token will fail.
The invalidated token is the one that is provided in the header for authentication.
Generate a new token for an existing user
POST
https://{domain}.biapi.pro/2.0/auth/renew
This endpoint generates a new permanent access token for an existing user, and revokes former tokens if explicitly requested.
Request body: AuthRenewRequest object
Response body: AuthTokenExchange object
Create a new user and generate an associated access token
POST
https://{domain}.biapi.pro/2.0/auth/init
Generate a temporary code
GET
https://{domain}.biapi.pro/2.0/auth/token/code
Query Parameters
Exchange a temporary code for a permanent user access token
POST
https://{domain}.biapi.pro/2.0/auth/token/access
Revoke an access token
DELETE
https://{domain}.biapi.pro/2.0/auth/token
Generate a new token for an existing user
POST
https://{domain}.biapi.pro/2.0/auth/renew
Service tokens
Generate a service token
POST
https://{domain}.biapi.pro/2.0/auth/token
This endpoint generates a special access token with a dedicated service scope
. The generated token will expire after 30 minutes.
A service token is a token that is not associated with a user but rather used to access a specific feature or service. For example, the Pay product requires the use of a payment
token.
Request body: AuthServiceTokenRequest object
Response body: AuthServiceToken object
Generate a service token
POST
https://{domain}.biapi.pro/2.0/auth/token
Data model
AuthTokenInitRequest object
If your client application credentials (client_id
and client_secret
) are both supplied, the generated token will be permanent. Otherwise, the token will expire in 30 minutes.
By default, the created user is temporary and will be deleted after 30 minutes if no permanent token is generated during this timeframe.
AuthToken object
AuthTokenType value
AuthCode object
AuthTokenExchangeRequest object
AuthTokenExchange object
AuthServiceTokenRequest object
AuthScope values
AuthServiceToken object
AuthRenewRequest object
Last updated