Authentication
The Bumblebee API is protected with API tokens. An API token indicates you are allowed to manipulate data from a customer. A token can be created by administrators here.
The API token contains a random password (the access_token), which is valid for a certain period. You can use
this password to access the API until it expires, after which you have
to refresh the token to generate a new random password.
Example API Token
{
"api_token": {
"id": "Abc123",
"access_token": "Abc123Def456Ghi789Jk",
"expires_at": "2025-01-01T13:00:00.000+01:00",
"refresh_token": "Lmn987Opq654Rst321Uv",
"refresh_url": "https://my.iobee.eu/api/token/Abc123/refresh"
}
}<?xml version="1.0" encoding="UTF-8"?> <api-token> <id>Abc123</id> <access-token>Abc123Def456Ghi789Jk</access-token> <expires-at type="dateTime">2025-01-01T13:00:00+01:00</expires-at> <refresh-token>Lmn987Opq654Rst321Uv</refresh-token> <refresh-url>https://my.iobee.eu/api/token/Abc123/refresh</refresh-url> </api-token>
Fields
id |
The unique id of this token |
|---|---|
access_token |
The secret token you can use to access our API |
expires_at |
The expiry date for the access_token field. The token can no longer be used after this moment. |
refresh_token |
The secret token you use to request a new access_token. This value is hashed in our database and can not
be retrieved later. If you have lost the refresh token, you have to create a new API token, the old token can
not be refreshed anymore.
|
refresh_url |
The URL of the API to request a new access_token |
Usage
To authenticate yourself in the API, you must put the access_token in the header of the request, like so:
Authorization: Token token="Abc123Def456Ghi789Jk"
The exception to this is the refresh service, where you have to use the refresh_token in the header.