User creation and authentication

🚧

These user creation and authentication methods are now deprecated

For any app created after 23/10/2023, you no longer need to create and authenticate your users with an email/password pair. If you want to update your applications, please contact our team.

User Creation

Registering a user requires an email and a password. The end user, who will synchronize their bank accounts, doesn't need to be aware of these two parameters.

Bridge is a Server-to-Server API, so you can use the email parameter as an identifier, and the password should be generated randomly. If you lose this password, the API cannot regenerate it.

📘

Email and password parameters

The email doesn't have to be a real email address, although the "@" is required. Please also note that the email (and all query parameters) should be URL-encoded (@ becomes %40), otherwise the request will fail.
The password must be at least 6 characters and less than 72 characters.

🚧

User lifecycle management

Don't forget to delete the Bridge users associated with your customers when they delete their account on your service.

curl 'https://api.bridgeapi.io/v2/users' \
	-X POST \
	-H 'Bridge-Version: 2021-06-01' \
	-H 'Content-Type: application/json' \
	-H 'Client-Id: MY_CLIENT_ID' \
	-H 'Client-Secret: MY_CLIENT_SECRET' \
	-d $'{
  	"email": "user@example.com",
  	"password": "password123"
	}'

User Authentication

Authentication is a crucial aspect of accessing resources in the Bridge API. Some resources are public, like banks and categories, where only a Client-Id is required. However, for most resources, authentication with a logged-in user is necessary.

To authenticate a user in a Server-to-Server manner, follow these steps:

Step 1: Authenticate User

Use the following endpoint to authenticate a user:

📘

The User resource is an abstraction of the end user, so you need to authenticate them in a Server-to-Server way. That means no action is needed on their part.

curl 'https://api.bridgeapi.io/v2/authenticate' \
	-X POST \
	-H 'Bridge-Version: 2021-06-01' \
	-H 'Content-Type: application/json' \
	-H 'Client-Id: MY_CLIENT_ID' \
	-H 'Client-Secret: MY_CLIENT_SECRET' \
	-d $'{
  	"email": "user@example.com",
  	"password": "password123"
	}'

The response will contain an access_token:

{
  "access_token": "...",
  "expires_at": "2019-05-06T11:08:25.040Z",
  "user": {
    "uuid": "c2a26c9e-dc23-4f67-b887-bbae0f26c415",
    "email": "user@example.com"
  }
}

Step 2: Use Access Token

To perform authenticated API calls, include the access_token in the Authorization request header using the bearer authentication scheme. Here's an example:

curl "https://api.bridgeapi.io/v2/items?limit=100" \
	-X GET \
	-H 'Bridge-Version: 2021-06-01' \
	-H 'Client-Id: MY_CLIENT_ID' \
	-H 'Client-Secret: MY_CLIENT_SECRET' \
	-H 'Authorization: Bearer TOP_SECRET_ACCESS_TOKEN'

📘

Session expiration

Keep in mind that the OAuth token is valid for two hours (UTC+0) after issuance. If the token expires, attempts to make calls with it will result in an HTTP 401 error, requiring a new authentication.
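
The following is an added example, not code from Bridge: it sketches the server-side handling described under "User Creation" and "Session expiration", namely random credential generation within the documented length limits, URL-encoding of the email, and deciding when to re-authenticate. The function names, the placeholder domain and the 5-minute safety margin are assumptions.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

# Page rule: password is at least 6 and less than 72 characters.
PASSWORD_MIN, PASSWORD_MAX = 6, 71


def new_bridge_credentials(domain="bridge-users.example.invalid"):
    """Build an opaque identifier-style email and a CSPRNG password.

    The domain is a constructed placeholder; the page only requires an "@".
    Store the password in your secret store: the API cannot regenerate it.
    """
    email = f"{uuid.uuid4().hex}@{domain}"
    password = secrets.token_urlsafe(48)  # 48 random bytes -> 64 URL-safe chars
    if not PASSWORD_MIN <= len(password) <= PASSWORD_MAX:
        raise ValueError("generated password violates the documented length limits")
    return email, password


def as_query_value(value):
    """Percent-encode a value for use as a query parameter (@ becomes %40)."""
    return quote(value, safe="")


def needs_reauth(auth_response, http_status=None, now=None,
                 margin=timedelta(minutes=5)):
    """Decide whether to call /v2/authenticate again.

    auth_response is the parsed JSON from the last authenticate call (or None).
    The 5-minute safety margin is an assumption, not a Bridge requirement.
    """
    if auth_response is None or http_status == 401:
        return True
    expires_at = datetime.strptime(auth_response["expires_at"],
                                   "%Y-%m-%dT%H:%M:%S.%f%z")
    now = now or datetime.now(timezone.utc)
    return now + margin >= expires_at
```

Keep the generated password and the access_token out of application logs; both act as bearer credentials for the user's synchronized bank data.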