Authorization functionality within SSO is moved to dedicated service (KeycloakOIDC).
All the following tasks should be performed through direct communication with Keycloak OIDC and received token should be just used in all APIs of BIM+.
...
| Anchor |
|---|
| authenticateToken |
|---|
| authenticateToken |
|---|
|
Obsolete.Tokens should be received from
...
OIDC.
Authorizes a user and returns a BIMPlus-token for further API calls
...
Obsolete.Tokens should be managed by
...
OIDC.
Get token information
| Deck of Cards |
|---|
|
| Card |
|---|
| Get information about a specified token(if the specified token exists and not expired).
These tokens are supported only for backward compatibility only and API will be removed in 2025.
|
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Headers |
|---|
| Content-Type: application/json
Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088 |
|
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Status |
|---|
| Status: 200 OK
|
| Code Block |
|---|
| borderColor | Red |
|---|
| lang | xml |
|---|
| title | JSON |
|---|
| {
"user_id": "b37b60d4-0f1b-4158-99c4-847254786517",
"audience": "00000000-0000-0000-0000-000000000000",
"expires_in": 2271650
} |
where, Name | Type | Description |
|---|
user_id | string | The unique user id to be used for any further API calls. | expires_in | string | The remaining lifetime on the access token in seconds | audience | string | In our case the id of the client (Mobile app, Browser …) |
|
|
| Anchor |
|---|
| getCrossToken |
|---|
| getCrossToken |
|---|
|
Obsolete.
...
This type of tokens will not be supported.
Request a cross token
| Deck of Cards |
|---|
|
| Card |
|---|
| This service is basically used for requesting a disposable temporary token which will be used for authenticating against different clients. Based on the given authentication token the user is identified and a one time token is generated and returned.
These tokens are supported only for backward compatibility only and API will be removed in 2025. |
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Headers |
|---|
| Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088
Content-Type: application/json
|
|
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Status |
|---|
| Status: 200 OK
|
| Code Block |
|---|
| borderColor | Red |
|---|
| lang | xml |
|---|
| title | JSON |
|---|
| {
cross_token: "b392cee4d0044ef681fa911772668cf9"
expires_in: 299
token_type: "BimPlus"
}
|
where, Name | Type | Description |
|---|
cross_token | string | The temporary token which will be used for cross-authenticate | expires_in | string | The remaining lifetime on the access token in seconds | token_type | string | Type of the token which will be used as part of the header |
|
|
| Anchor |
|---|
| crossAuthenticate |
|---|
| crossAuthenticate |
|---|
|
Obsolete. Cross Authenticate by using cross token. Will be removed.
| Deck of Cards |
|---|
|
| Card |
|---|
| default | true |
|---|
| label | URL / Resource / JSON Structure |
|---|
| | Resource: cross-authorize URL: https://api-stage.bimplus.net/v2/cross-authorize JSON Structure: Name | Mandatory / Optional | Type | Description |
|---|
cross_token | mandatory | string | The temporary token which will be used for cross-authenticate | client_id | optional | string | The identifier of the used client | application_id | mandatory | string | The id of the application |
|
|
|
|
|
| Card |
|---|
| Obsolete. Will be removed. Based on the one time cross token, the user will be identified and logged in to the given device/client. The one time cross token will be removed but the new token which will be generated as a result of this call be used in the header for the subsequent API calls.The team_id and project_id information can be provided as part of the call, if the user wants to work on or display(viewer) a particular team or an project. |
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Headers |
|---|
| Content-Type: application/json
|
| Code Block |
|---|
| borderColor | Red |
|---|
| lang | xml |
|---|
| title | JSON |
|---|
| {
"cross_token": "b392cee4d0044ef681fa911772668cf9"
}
|
|
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Status |
|---|
| Status: 200 OK
|
| Code Block |
|---|
| borderColor | Red |
|---|
| lang | xml |
|---|
| title | JSON |
|---|
| {
"access_token": "43796fab76d54d2c9cb9120fd7d79c9e",
"expires_in": 2591999,
"client_id": "9fd0bb9d-570b-4719-bfae-93e2f879c19a",
"token_type": "BimPlus"
}
|
|
|
...
| Deck of Cards |
|---|
|
| Card |
|---|
| | Current date/time is set to be the oldest time for any tokens for this user. So, user should re-request new token from KeycloakOIDC. |
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Headers |
|---|
| Content-Type: application/json
Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088 |
|
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Status |
|---|
| Status: 200 OK
|
|
|
Obsolete.Tokens should be refreshed with
...
OIDC.
Authorize a user and get "remember me" token.
User is still logged on to other services. For real logout, call Keycloacklogout function of OIDC.
| Deck of Cards |
|---|
|
| Card |
|---|
| default | true |
|---|
| label | URL / Resource / JSON Structure |
|---|
| | Resource: authorize URL: https://api-stage.bimplus.net/v2/authorize JSON Structure: Name | Mandatory / Optional | Type | Description |
|---|
user_id | mandatory | string | The email address of the user | password | mandatory | string | The user's password | client_id | optional | string | The identifier of the used client | application_id | optional | string | The id of the application | | remember_me | mandatory | bool | Set it to true |
|
| Card |
|---|
| Once the "remember_me" parameter is set to true, we will get 2 extra parameters in the json response (i.e remember_me_token & remember_me_expires_in) The remember_me_expires_in value will be set to 30 days. The client have to save the client_id & remember_me_token in their localStorage, cookie etc. So, for next authentication, they have to use this token as seen in the request json tab. By this way, if this set it is not necessary for the user to enter their credentials every time (i.e the credentials are not required to generate the auth token. Rather the remember_me_token will generate the auth token each time)
Returns a BIMPlus-token for further API calls. These tokens are supported only for backward compatibility only and API will be removed in 2026. |
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Headers |
|---|
| Content-Type: application/json
|
| Code Block |
|---|
| borderColor | Red |
|---|
| lang | xml |
|---|
| title | JSON |
|---|
| {
"user_id" : "test@bimplus.net",
"password" : "test",
"remember_me" : "true",
"application_id": "0106c8baad467c08e26f026852cb7525",
"client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea"
}
|
|
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Status |
|---|
| Status: 200 OK
|
| Code Block |
|---|
| borderColor | Red |
|---|
| lang | xml |
|---|
| title | JSON |
|---|
| {
"access_token": "35eb2b5e94b54d5aafa6b6a7b6e8de01",
"expires_in": 28799,
"application_id": "0106c8baad467c08e26f026852cb7525",
"client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
"remember_me": true,
"remember_me_token": "b930e0179baf4f919caeab28328190a3",
"remember_me_expires_in" : 2591999
}
|
|
|
| Anchor |
|---|
| #rememberMeLogin |
|---|
| #rememberMeLogin |
|---|
|
Obsolete.Tokens should be received from
...
OIDC.
Get "remember me" token
| Deck of Cards |
|---|
|
| Card |
|---|
| default | true |
|---|
| label | URL / Resource / JSON Structure |
|---|
| Resource: authorize URL: https://api-stage.bimplus.net/v2/authorize JSON Structure:
Name | Mandatory / Optional | Type | Description |
|---|
| remember_me | mandatory | bool | Set it to true | | remember_me_token | mandatory | string | The "remember me" token | client_id | mandatory | string | The identifier of the used client | application_id | optional | string | The id of the application |
|
| Card |
|---|
| It is not necessary for the user to enter the credentials each time. Instead, do it only if required, together with requesting the "remember me" token, and than use this remember token to generate the authentication token each time.
Returns a BIMPlus-token for further API calls. These tokens are supported only for backward compatibility only and API will be removed in 2026. |
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Headers |
|---|
| Content-Type: application/json
|
| Code Block |
|---|
| borderColor | Red |
|---|
| lang | xml |
|---|
| title | JSON |
|---|
| {
"remember_me" : "true",
"remeber_me_token": "b930e0179baf4f919caeab28328190a3",
"application_id": "0106c8baad467c08e26f026852cb7525",
"client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
}
|
|
| Card |
|---|
|
| Code Block |
|---|
| borderColor | Green |
|---|
| lang | xml |
|---|
| title | Status |
|---|
| Status: 200 OK
|
| Code Block |
|---|
| borderColor | Red |
|---|
| lang | xml |
|---|
| title | JSON |
|---|
| {
"access_token" : "e3a212b8f70e4b85b0ed826de7f775f6",
"expires_in" : 28799,
"application_id": "0106c8baad467c08e26f026852cb7525",
"client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
"token_type": "BimPlus"
}
|
|
|
...