User authentication

Some resources are public (banks and categories) meaning that only providing a Client-Id is required but the majority of the resources need a logged in user.

The User resource is an abstraction of the end user, so you need to authenticate him in a Server-to-Server way. That means no action is needed from his part :

curl 'https://api.bridgeapi.io/v2/authenticate' \
    -X POST \
    -H 'Bridge-Version: 2021-06-01' \
    -H 'Content-Type: application/json' \  
    -H 'Client-Id: MY_CLIENT_ID' \
    -H 'Client-Secret: MY_CLIENT_SECRET' \
    -d $'{
    "email": "[email protected]",
    "password": "password123"
    }'

The response should contain the access_token :

{
  "access_token": "...",
  "expires_at": "2019-05-06T11:08:25.040Z",
  "user": {
    "uuid": "c2a26c9e-dc23-4f67-b887-bbae0f26c415",
    "email": "[email protected]"
  }
}

To perform the authenticated calls, you must provide this token in the Authorization request header (using the bearer authentication scheme).

Example :

curl "https://api.bridgeapi.io/v2/items?limit=100" \
    -X GET \
    -H 'Bridge-Version: 2021-06-01' \
    -H 'Client-Id: MY_CLIENT_ID' \
    -H 'Client-Secret: MY_CLIENT_SECRET' \
    -H 'Authorization: Bearer TOP_SECRET_ACCESS_TOKEN'

📘

Session expiration

The OAuth token is valid for two hours after it has been issued. Making calls with an expired token will return an HTTP 401 error and require a new authentication.