Authentication

The Bumblebee API is protected with API tokens. An API token indicates you are allowed to manipulate data from a customer. A token can be created by administrators here.

The API token contains a random password (the access_token), which is valid for a certain period. You can use this password to access the API until it expires, after which you have to refresh the token to generate a new random password.

Example API Token

{
  "api_token": {
    "id": "Abc123",
    "access_token": "Abc123Def456Ghi789Jk",
    "expires_at": "2021-01-01T13:00:00.000+01:00",
    "refresh_token": "Lmn987Opq654Rst321Uv",
    "refresh_url": "https://my.iobee.eu/api/token/Abc123/refresh"
  }
}
<?xml version="1.0" encoding="UTF-8"?>
<api-token>
  <id>Abc123</id>
  <access-token>Abc123Def456Ghi789Jk</access-token>
  <expires-at type="dateTime">2021-01-01T13:00:00+01:00</expires-at>
  <refresh-token>Lmn987Opq654Rst321Uv</refresh-token>
  <refresh-url>https://my.iobee.eu/api/token/Abc123/refresh</refresh-url>
</api-token>

Fields

id The unique id of this token
access_token The secret token you can use to access our API
expires_at The expiry date for the access_token field. The token can no longer be used after this moment.
refresh_token The secret token you use to request a new access_token. This value is hashed in our database and can not be retrieved later. If you have lost the refresh token, you have to create a new API token, the old token can not be refreshed anymore.
refresh_url The URL of the API to request a new access_token

Usage

To authenticate yourself in the API, you must put the access_token in the header of the request, like so:

Authorization: Token token="Abc123Def456Ghi789Jk"

The exception to this is the refresh service, where you have to use the refresh_token in the header.