View Source

Authorization functionality within SSO is moved to dedicated service (OIDC).

All the following tasks should be performed through direct communication with OIDC and received token should be just used in all APIs of BIM+.

Old Bim+ tokens are simulated only for backward compatibility until 2026, high performance should not be awaited using them.

Authorization Service

Authorizes a user and returns a token for further API calls
Get token information
Request a cross token
Cross authenticate by using cross token
Revoke / Terminate the token
Authorize a user and get "remember me" token
Login with "remember me" token

Authorization Service

Obsolete.Tokens should be received from OIDC.

Authorizes a user and returns a BIMPlus-token for further API calls

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

JSON Structure:

Name

Mandatory / Optional

Type

Description

user_id

mandatory

string

The email address of the user

password

mandatory

string

The user's password

client_id

optional

string

The identifier of the used client

application_id

mandatory

string

The id of the application

Application ID is mandatory on Bimplus API on Dev, Stage and Prod since 19.10.2017.
To get your application id the contact Bimplus development team

remember_me

optional

bool

Option for saving the user's credentials

POST

Authorizes a user and returns a BIMPlus-token for further API calls. These tokens are supported only for backward compatibility only and API will be removed in 2026.

Please, use the client_id from the request and regenerate the token (using the same API call with client_id as the additional parameter) for having the possibility to login multiple times at the same time. For more information, see here

Response for the token validity is in seconds, means the token validity is 2 hours by default and remember me token 4 weeks resp. 28,9 days exactly.

Content-Type: application/json

{
 "user_id" : "test@bimplus.net",
 "password" : "test" ,
 "application_id" : "6C12345D9B0C4F3C23ABB5721D098F7B"
}

Status: 200 OK

{
"access_token": "9c1874a62c974dcfa75e0132c423a088",
"expires_in": 2591999,
"client_id": "9fd0bb9d-570b-4719-bfae-93e2f879c19a",
"token_type": "BimPlus"
}

Obsolete.Tokens should be managed by OIDC.

Get token information

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

GET

Get information about a specified token(if the specified token exists and not expired).

These tokens are supported only for backward compatibility only and API will be removed in 2025.

Content-Type: application/json

Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088

Status: 200 OK

{
    "user_id": "b37b60d4-0f1b-4158-99c4-847254786517",
    "audience": "00000000-0000-0000-0000-000000000000",
    "expires_in": 2271650

}

where,

Name	Type	Description
user_id	string	The unique user id to be used for any further API calls.
expires_in	string	The remaining lifetime on the access token in seconds
audience	string	In our case the id of the client (Mobile app, Browser …)

Obsolete. This type of tokens will not be supported.

Request a cross token

Resource: cross-token

URL: https://api-stage.bimplus.net/v2/cross-token

POST

This service is basically used for requesting a disposable temporary token which will be used for authenticating against different clients. Based on the given authentication token the user is identified and a one time token is generated and returned.

These tokens are supported only for backward compatibility only and API will be removed in 2025.

Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088
Content-Type: application/json

Status: 200 OK

{
cross_token: "b392cee4d0044ef681fa911772668cf9"
expires_in: 299
token_type: "BimPlus"
}

where,

Name	Type	Description
cross_token	string	The temporary token which will be used for cross-authenticate
expires_in	string	The remaining lifetime on the access token in seconds
token_type	string	Type of the token which will be used as part of the header

Obsolete. Cross Authenticate by using cross token. Will be removed.

Resource: cross-authorize

URL: https://api-stage.bimplus.net/v2/cross-authorize

JSON Structure:

Name	Mandatory / Optional	Type	Description
cross_token	mandatory	string	The temporary token which will be used for cross-authenticate
client_id	optional	string	The identifier of the used client
application_id	mandatory	string	The id of the application

POST

Obsolete. Will be removed.

Based on the one time cross token, the user will be identified and logged in to the given device/client. The one time cross token will be removed but the new token which will be generated as a result of this call be used in the header for the subsequent API calls.

The team_id and project_id information can be provided as part of the call, if the user wants to work on or display(viewer) a particular team or an project.

Content-Type: application/json

{
"cross_token": "b392cee4d0044ef681fa911772668cf9"
}

Status: 200 OK

{
"access_token": "43796fab76d54d2c9cb9120fd7d79c9e",
"expires_in": 2591999,
"client_id": "9fd0bb9d-570b-4719-bfae-93e2f879c19a",
"token_type": "BimPlus"
}

Revoke / Expire the token

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

DELETE

Current date/time is set to be the oldest time for any tokens for this user. So, user should re-request new token from OIDC.

Content-Type: application/json

Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088

Status: 200 OK

Obsolete.Tokens should be refreshed with OIDC.

Authorize a user and get "remember me" token.

User is still logged on to other services. For real logout, call logout function of OIDC.

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

JSON Structure:

Name	Mandatory / Optional	Type	Description
user_id	mandatory	string	The email address of the user
password	mandatory	string	The user's password
client_id	optional	string	The identifier of the used client
application_id	optional	string	The id of the application
remember_me	mandatory	bool	Set it to true

POST

Once the "remember_me" parameter is set to true, we will get 2 extra parameters in the json response (i.e remember_me_token & remember_me_expires_in) The remember_me_expires_in value will be set to 30 days. The client have to save the client_id & remember_me_token in their localStorage, cookie etc. So, for next authentication, they have to use this token as seen in the request json tab. By this way, if this set it is not necessary for the user to enter their credentials every time (i.e the credentials are not required to generate the auth token. Rather the remember_me_token will generate the auth token each time)

Returns a BIMPlus-token for further API calls. These tokens are supported only for backward compatibility only and API will be removed in 2026.

Content-Type: application/json

{
    "user_id" : "test@bimplus.net",
    "password" : "test",
    "remember_me" : "true",
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea"
}

Status: 200 OK

{
    "access_token": "35eb2b5e94b54d5aafa6b6a7b6e8de01",
    "expires_in": 28799,
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
    "remember_me": true,
    "remember_me_token": "b930e0179baf4f919caeab28328190a3", 
    "remember_me_expires_in" : 2591999 
}

Obsolete.Tokens should be received from OIDC.

Get "remember me" token

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

JSON Structure:

Name	Mandatory / Optional	Type	Description
remember_me	mandatory	bool	Set it to true
remember_me_token	mandatory	string	The "remember me" token
client_id	mandatory	string	The identifier of the used client
application_id	optional	string	The id of the application

POST

It is not necessary for the user to enter the credentials each time. Instead, do it only if required, together with requesting the "remember me" token, and than use this remember token to generate the authentication token each time.

Returns a BIMPlus-token for further API calls. These tokens are supported only for backward compatibility only and API will be removed in 2026.

Content-Type: application/json

{
    "remember_me" : "true",
    "remeber_me_token": "b930e0179baf4f919caeab28328190a3",
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
}

Status: 200 OK

{
    "access_token" : "e3a212b8f70e4b85b0ed826de7f775f6",
    "expires_in" : 28799,
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
    "token_type": "BimPlus"
}