First Steps
To get started using the BICS API, the first step is to authenticate with user credentials to retrieve a session token. After logging in, users can interact directly with the platform by reading, creating and updating resources programmatically. The following pages cover the basic of authentication steps, querying resources and also how to create and use Application Tokens for automating or scheduling recurring tasks.
User Authentication
The /api/v1/authenticate API takes a username and password and returns an auth_token and refresh_token upon successful login. The auth token is then used to authenticate all subsequent calls to the API via the Authorization header.
JWTs
JSON Web Tokens are used as a secure mechanism to authenticate all API calls via the Authorization header. This page describes how to obtain a JWT auth_token and how they are used in requests.
Application Authentication
When the /api/v1/authenticate API is sent an application token instead of user credentials, it returns an auth token used to authenticate all subsequent calls to the API via the Authorization header.
It is recommended to use application tokens for M2M communications as this does not involve leaving user credentials on an application server or devices which have programmatic API access. Other advantages of Application Tokens is that multiple tokens may be created, their use can be segmented by limiting them to a specific application each, restricted by IP, and they may be revoked at any time on a per-token basis.