User authentication

Some resources are public, like banks and categories, where only a Client-Id is required. However, for most resources, authentication with a logged-in user is necessary.

To authenticate a user in a Server-to-Server manner, follow these steps:

Step 1: Authenticate User

Use the following endpoint to authenticate a user:

📘

The User resource is an abstraction of the end user, so you need to authenticate him in a Server-to-Server way. That means no action is needed from his part.

curl 'https://api.bridgeapi.io/v2/authenticate' \
	-X POST \
	-H 'Bridge-Version: 2021-06-01' \
	-H 'Content-Type: application/json' \  
	-H 'Client-Id: MY_CLIENT_ID' \
	-H 'Client-Secret: MY_CLIENT_SECRET' \
	-d $'{
  		"user_uuid": "c2a26c9e-dc23-4f67-b887-bbae0f26c415"
	}'
curl 'https://api.bridgeapi.io/v2/authenticate' \
	-X POST \
	-H 'Bridge-Version: 2021-06-01' \
	-H 'Content-Type: application/json' \  
	-H 'Client-Id: MY_CLIENT_ID' \
	-H 'Client-Secret: MY_CLIENT_SECRET' \
	-d $'{
  		"external_user_id": "A6JEJIID1919BDS"
	}'

The response will contain an access_token:

{
  "access_token": "...",
  "expires_at": "2019-05-06T11:08:25.040Z",
  "user": {
    "uuid": "c2a26c9e-dc23-4f67-b887-bbae0f26c415",
    "external_user_id": "A6JEJIID1919BDS"
  }
}

Step 2: Use Access Token

To perform authenticated API calls, include the access_token in the Authorization request header using the bearer authentication scheme. Here's an example:

curl "https://api.bridgeapi.io/v2/items?limit=100" \
	-X GET \
	-H 'Bridge-Version: 2021-06-01' \
	-H 'Client-Id: MY_CLIENT_ID' \
	-H 'Client-Secret: MY_CLIENT_SECRET' \
	-H 'Authorization: Bearer TOP_SECRET_ACCESS_TOKEN'

📘

Session expiration

Keep in mind that the OAuth token is valid for two hours (UTC+0) after issuance. If the token expires, attempts to make calls with it will result in an HTTP 401 error, requiring a new authentication.

📘

User creation and authentication

Since 23/10/2023, we have updated the user creation and authentication methods. If you have integrated our API before this update, please refer to this page.