Authenticate with User Credentials
Warning: To improve security across our services, authentication with user credentials has now been deprecated. Please authenticate with application tokens instead.
See the deprecation notice for more information about why BICS is making this change.
User Authentication
The /api/v1/authenticate API is used to generate a JWT auth_token which authenticates subsequent API calls. The request body must provide a username (typically the email address used when signing up) and the user password; the response returns an auth_token and a refresh_token.
POST https://simforthings.bics.com/api/v1/authenticate
Request body
{
"username": "user@domain.com",
"password": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"
}
Note: If users have signed up using the BICS management portal, the password will need to be a SHA1 hashed string. The SHA1 of a password can be generated online or in the terminal via the following command:
echo -n 'my_password' | openssl sha1
Response
{
"auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
User Refresh Token
The server will respond with an auth_token and refresh_token after successful user authentication. The auth_token is valid for 240 minutes, so the refresh_token can be used to obtain a new auth_token without providing user credentials again.
POST https://simforthings.bics.com/api/v1/authenticate
Request body
{
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Response
{
"auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Important:
- The auth_token is valid for 240 minutes and the refresh token is valid for 350 minutes.
- The refresh_token can only be used once and will become invalid if the user logs in from somewhere else (different web client).
- When the auth_token has expired, the user will need to re-authenticate with the refresh token or with the user credentials for a new auth_token. If both the auth and refresh tokens have expired, the user will need to perform authentication again.
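The token rules above, worked through as an added example (not BICS code): a client-side helper that reuses the auth_token while it is valid, spends the single-use refresh_token once, and falls back to credentials when the refresh is expired or rejected. TokenSession, the post(url, body) transport and the 60-second SKEW margin are assumptions of this example.

```python
import hashlib
import time

AUTH_URL = "https://simforthings.bics.com/api/v1/authenticate"  # from the page
AUTH_TTL = 240 * 60     # auth_token lifetime stated on the page (seconds)
REFRESH_TTL = 350 * 60  # refresh_token lifetime stated on the page (seconds)
SKEW = 60               # assumed margin for clock drift and request latency

def portal_password(plain):
    """Same digest as: echo -n 'plain' | openssl sha1 (password-equivalent)."""
    return hashlib.sha1(plain.encode("utf-8")).hexdigest()

class TokenSession:
    """Hypothetical helper: tracks one token pair and picks the next request."""

    def __init__(self, post, username, password, clock=time.time):
        self._post = post  # assumed transport: post(url, body_dict) -> dict
        self._creds = {"username": username, "password": password}
        self._clock = clock
        self._auth = self._refresh = None
        self._issued = 0.0

    def _store(self, resp):
        # Every response carries a new pair; keep only the newest one.
        self._auth, self._refresh = resp["auth_token"], resp["refresh_token"]
        self._issued = self._clock()

    def next_body(self):
        """None while the auth_token is usable, else the body to POST."""
        age = self._clock() - self._issued
        if self._auth and age < AUTH_TTL - SKEW:
            return None
        if self._refresh and age < REFRESH_TTL - SKEW:
            return {"refresh_token": self._refresh}
        return dict(self._creds)

    def token(self):
        body = self.next_body()
        if body is None:
            return self._auth
        self._auth = self._refresh = None  # refresh_token is single use
        try:
            self._store(self._post(AUTH_URL, body))
        except Exception:
            # A rejected refresh (for example after a login elsewhere) falls
            # back to credentials once; credential failures propagate.
            if "refresh_token" not in body:
                raise
            self._store(self._post(AUTH_URL, dict(self._creds)))
        return self._auth
```

The transport is injected so the decision logic can be exercised offline; in use it would be a function that POSTs the JSON body over HTTPS and returns the parsed response.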