4.1 Authorization Service

Authorization Service

Authorizes a user and returns a token for further API calls

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

JSON Structure:

Name	Mandatory / Optional	Type	Description
user_id	mandatory	string	The email address of the user
password	mandatory	string	The user's password
client_id	optional	string	The identifier of the used client
application_id	optional	string	The id of the application
remember_me	optional	bool	Option for saving the user's credentials

POST

Authorizes a user and returns a token for further API calls.

Please, use the client_id from the request and regenerate the token (using the same API call with client_id as the additional parameter) for having the possibility to login multiple times at the same time. For more information, see here

Headers

Content-Type: application/json

JSON

{
 "user_id" : "test@bimplus.net",
 "password" : "test"
}

Status

Status: 200 OK

JSON

{
"access_token": "9c1874a62c974dcfa75e0132c423a088",
"expires_in": 2591999,
"client_id": "9fd0bb9d-570b-4719-bfae-93e2f879c19a",
"token_type": "BimPlus"
}

Get token information

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

GET

Get information about a specified token(if the specified token exists and not expired).

Headers

Content-Type: application/json

Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088

Status

Status: 200 OK

JSON

{
    "user_id": "b37b60d4-0f1b-4158-99c4-847254786517",
    "audience": "00000000-0000-0000-0000-000000000000",
    "expires_in": 2271650

}

where,

Name	Type	Description
user_id	string	The unique user id to be used for any further API calls.
expires_in	string	The remaining lifetime on the access token in seconds
audience	string	In our case the id of the client (Mobile app, Browser …)

Request a cross token

Resource: cross-token

URL: https://api-stage.bimplus.net/v2/cross-token

POST

This service is basically used for requesting a disposable temporary token which will be used for authenticating against different clients. Based on the given authentication token the user is identified and a one time token is generated and returned.

Headers

Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088
Content-Type: application/json

Status

Status: 200 OK

JSON

{
cross_token: "b392cee4d0044ef681fa911772668cf9"
expires_in: 299
token_type: "BimPlus"
}

where,

Name	Type	Description
cross_token	string	The temporary token which will be used for cross-authenticate
expires_in	string	The remaining lifetime on the access token in seconds
token_type	string	Type of the token which will be used as part of the header

Cross Authenticate by using cross token

Resource: cross-authorize

URL: https://api-stage.bimplus.net/v2/cross-authorize

JSON Structure:

Name	Mandatory / Optional	Type	Description
cross_token	mandatory	string	The temporary token which will be used for cross-authenticate
client_id	optional	string	The identifier of the used client
team_id	optional	string	The id of the team
project_id	optional	string	The id of the project
application_id	optional	string	The id of the application

POST

Based on the one time cross token, the user will be identified and logged in to the given device/client. The one time cross token will be removed but the new token which will be generated as a result of this call be used in the header for the subsequent API calls.

The team_id and project_id information can be provided as part of the call, if the user wants to work on or display(viewer) a particular team or an project.

Headers

Content-Type: application/json

JSON

{
"cross_token": "b392cee4d0044ef681fa911772668cf9"
}

Status

Status: 200 OK

JSON

{
"access_token": "43796fab76d54d2c9cb9120fd7d79c9e",
"expires_in": 2591999,
"client_id": "9fd0bb9d-570b-4719-bfae-93e2f879c19a",
"token_type": "BimPlus"
}

Revoke / Expire the token

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

DELETE

The specified token will expire immediately.

Headers

Content-Type: application/json

Authorization: BimPlus 9c1874a62c974dcfa75e0132c423a088

Status

Status: 200 OK

How remember me works

Resource: authorize

URL: https://api-stage.bimplus.net/v2/authorize

JSON Structure:

Name	Mandatory / Optional	Type	Description
user_id	mandatory	string	The email address of the user
password	mandatory	string	The user's password
client_id	optional	string	The identifier of the used client
application_id	optional	string	The id of the application
remember_me	mandatory	bool	Set it to true

POST

Once the "remember_me" parameter is set to true, we will get 2 extra parameters in the json response (i.e remember_me_token & remember_me_expires_in) The remember_me_expires_in value will be set to 30 days. The client have to save the client_id & remember_me_token in their localStorage, cookie etc. So, for next authentication, they have to use this token as seen in the request json tab. By this way, if this set it is not necessary for the user to enter their credentials every time (i.e the credentials are not required to generate the auth token. Rather the remember_me_token will generate the auth token each time)

Headers

Content-Type: application/json

JSON

{
    "remember_me_token": "b930e0179baf4f919caeab28328190a3",
    "remember_me": true,
    "application_id": "0106c8baad467c08e26f026852cb7525",
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea"
}

Status

Status: 200 OK

JSON

{
    "access_token": "d953334fcfe748be9d87e2461f7f3af6",
    "expires_in": 7200,
    "client_id": "0864b512-1776-4a55-8ee5-2b19d7d9b7ea",
    "token_type": "BimPlus"
}

Math Editor

Space shortcuts

Page tree

Authorization Service

Authorization Service

Authorizes a user and returns a token for further API calls

Get token information

Request a cross token

Cross Authenticate by using cross token

Revoke / Expire the token

How remember me works