Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Authorization functionality within SSO is moved to dedicated service (OIDC).

All the following tasks should be performed through direct communication with OIDC and received token should be just used in all APIs of BIM+.

Old Bim+ tokens are simulated only for backward compatibility until 2026, high performance should not be awaited using them.

Authorization Service

...

...

Anchor
authenticateToken
authenticateToken

Obsolete.Tokens should be received from

...

OIDC.
Authorizes a user and returns a BIMPlus-token for further API calls

...

Anchor
getTokenInfo
getTokenInfo

Obsolete.Tokens should be managed by

...

OIDC.
Get token information
Deck of Cards
idbimGetTokenInfo


Card
defaulttrue
labelURL / Resource / JSON Structure
 Resource: authorize

URLhttps://api-stage.bimplus.net/v2/authorize 


Card
labelHTTP Method
 GET


Card
labelDescription

Get information about a specified token(if the specified token exists and not expired).


These tokens are supported only for backward compatibility only and API will be removed in 2025.


Card
labelRequest


Code Block
borderColorGreen
langxml
titleHeaders
Content-Type: application/json

Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088



Card
labelResponse


Code Block
borderColorGreen
langxml
titleStatus
Status: 200 OK


Code Block
borderColorRed
langxml
titleJSON
{
    "user_id": "b37b60d4-0f1b-4158-99c4-847254786517",
    "audience": "00000000-0000-0000-0000-000000000000",
    "expires_in": 2271650

} 

where,

Name

Type

Description

user_id

string

The unique user id to be used for any further API calls.

expires_in

string

The remaining lifetime on the access token in seconds

audience

string

In our case the id of the client (Mobile app, Browser …)



Anchor
getCrossToken
getCrossToken

Obsolete.

...

This type of tokens will not be supported.
Request a cross token
Deck of Cards
idbimGetCrossToken


Card
defaulttrue
labelURL / Resource / JSON Structure
 Resource: cross-token

URLhttps://api-stage.bimplus.net/v2/cross-token


Card
labelHTTP Method
 POST


Card
labelDescription

 This service is basically used for requesting a disposable temporary token which will be used for authenticating against different clients. Based on the given authentication token the user is identified and a one time token is generated and returned.


These tokens are supported only for backward compatibility only and API will be removed in 2025.


Card
labelRequest


Code Block
borderColorGreen
langxml
titleHeaders
Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088
Content-Type: application/json



Card
labelResponse


Code Block
borderColorGreen
langxml
titleStatus
Status: 200 OK


Code Block
borderColorRed
langxml
titleJSON
{
cross_token: "b392cee4d0044ef681fa911772668cf9"
expires_in: 299
token_type: "BimPlus"
}

where,

Name

Type

Description

cross_token

string

The temporary token which will be used for cross-authenticate

expires_in

string

The remaining lifetime on the access token in seconds

token_type

string

Type of the token which will be used as part of the header



Anchor
crossAuthenticate
crossAuthenticate

Obsolete. Cross Authenticate by using cross token. Will be removed.
Deck of Cards
idbimCrossAuthenticate


Card
defaulttrue
labelURL / Resource / JSON Structure
 Resource: cross-authorize

URLhttps://api-stage.bimplus.net/v2/cross-authorize

JSON Structure:

Name

Mandatory / Optional

Type

Description

cross_token

mandatory

string

The temporary token which will be used for cross-authenticate

client_id

optional

string

The identifier of the used client

application_id

mandatorystringThe id of the application







Card
labelHTTP Method
 POST


Card
labelDescription
Obsolete. Will be removed.
 Based on the one time cross token, the user will be identified and logged in to the given device/client. The one time cross token will be removed but the new token which will be generated as a result of this call be used in the header for the subsequent API calls.

The team_id and project_id information can be provided as part of the call, if the user wants to work on or display(viewer) a particular team or an project.


Card
labelRequest


Code Block
borderColorGreen
langxml
titleHeaders
Content-Type: application/json


Code Block
borderColorRed
langxml
titleJSON
{
"cross_token": "b392cee4d0044ef681fa911772668cf9"
}



Card
labelResponse


Code Block
borderColorGreen
langxml
titleStatus
Status: 200 OK


Code Block
borderColorRed
langxml
titleJSON
{
"access_token": "43796fab76d54d2c9cb9120fd7d79c9e",
"expires_in": 2591999,
"client_id": "9fd0bb9d-570b-4719-bfae-93e2f879c19a",
"token_type": "BimPlus"
}



...

Deck of Cards
idbimExpireToken


Card
defaulttrue
labelURL / Resource / JSON Structure
Resource: authorize

URLhttps://api-stage.bimplus.net/v2/authorize 


Card
labelHTTP Method
 DELETE


Card
labelDescription
Current date/time is set to be the oldest time for any tokens for this user. So, user should re-request new token from KeycloakOIDC.


Card
labelRequest


Code Block
borderColorGreen
langxml
titleHeaders
Content-Type: application/json

Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088



Card
labelResponse


Code Block
borderColorGreen
langxml
titleStatus
Status: 200 OK



Anchor
rememberMe
rememberMe

Obsolete.Tokens should be refreshed with

...

OIDC.
Authorize a user and get "remember me" token.

User is still logged on to other services. For real logout, call logout function of OIDC.


Deck of Cards
idbimRememberMe


Card
defaulttrue
labelURL / Resource / JSON Structure
 Resource: authorize 

URLhttps://api-stage.bimplus.net/v2/authorize

JSON Structure

Name

Mandatory / Optional

Type

Description

user_id

mandatory

string

The email address of the user

password

mandatory

string

The user's password

client_id

optional

string

The identifier of the used client

application_id

optional

string

The id of the application

remember_memandatoryboolSet it to true



Card
labelHTTP Method
 POST


Card
labelDescription

 Once the "remember_me" parameter is set to true, we will get 2 extra parameters in the json response (i.e remember_me_token & remember_me_expires_in) The remember_me_expires_in value will be set to 30 days. The client have to save the client_id & remember_me_token in their localStorage, cookie etc. So, for next authentication, they have to use this token as seen in the request json tab. By this way, if this set it is not necessary for the user to enter their credentials every time (i.e the credentials are not required to generate the auth token. Rather the remember_me_token will generate the auth token each time)


Returns a BIMPlus-token for further API calls. These tokens are supported only for backward compatibility only and API will be removed in 2026.


Card
labelRequest


Code Block
borderColorGreen
langxml
titleHeaders
Content-Type: application/json


Code Block
borderColorRed
langxml
titleJSON
{
    "user_id" : "test@bimplus.net",
    "password" : "test",
    "remember_me" : "true",
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea"
}



Card
labelResponse


Code Block
borderColorGreen
langxml
titleStatus
Status: 200 OK


Code Block
borderColorRed
langxml
titleJSON
{
    "access_token": "35eb2b5e94b54d5aafa6b6a7b6e8de01",
    "expires_in": 28799,
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
    "remember_me": true,
    "remember_me_token": "b930e0179baf4f919caeab28328190a3", 
    "remember_me_expires_in" : 2591999 
}



Anchor
#rememberMeLogin
#rememberMeLogin

Obsolete.Tokens should be received from

...

OIDC.
Get "remember me" token



Deck of Cards
idbimRememberMeLogin


Card
defaulttrue
labelURL / Resource / JSON Structure

Resource: authorize 

URLhttps://api-stage.bimplus.net/v2/authorize

JSON Structure


Name

Mandatory / Optional

Type

Description

remember_memandatoryboolSet it to true
remember_me_tokenmandatorystringThe "remember me" token

client_id

mandatory

string

The identifier of the used client

application_id

optional

string

The id of the application



Card
labelHTTP Method

 POST


Card
labelDescription

It is not necessary for the user to enter the credentials each time. Instead, do it only if required, together with requesting the "remember me" token, and than use this remember token to generate the authentication token each time.


Returns a BIMPlus-token for further API calls. These tokens are supported only for backward compatibility only and API will be removed in 2026.


Card
labelRequest


Code Block
borderColorGreen
langxml
titleHeaders
Content-Type: application/json


Code Block
borderColorRed
langxml
titleJSON
{
    "remember_me" : "true",
    "remeber_me_token": "b930e0179baf4f919caeab28328190a3",
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
}



Card
labelResponse


Code Block
borderColorGreen
langxml
titleStatus
Status: 200 OK


Code Block
borderColorRed
langxml
titleJSON
{
    "access_token" : "e3a212b8f70e4b85b0ed826de7f775f6",
    "expires_in" : 28799,
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
    "token_type": "BimPlus"
}



...