Our API follows the OAuth2 authorization protocol. Therefore, for your application to use protected resources, it must follow the Client Credentials flow.
The Client Credentials flow is used when an application itself needs access to API resources (the resource server), unlike the Authorization Code flow, which is used when a user needs this access. In the Client Credentials flow, the application sends its client ID and client secret to the authorization server, which returns an access token that can be used as a Bearer token in requests to our API.
Because it’s a standard protocol, OAuth2 has open-source libraries in virtually all major programming languages. Below is a JavaScript example that requests the access token:
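const clientID = "the-client-id"
const clientSecret = "the-secret-id"

// Form-encoded body for the Client Credentials grant
const qs = new URLSearchParams()
qs.set("grant_type", "client_credentials")
qs.set("client_id", clientID)
qs.set("client_secret", clientSecret)
qs.set("audience", "<Resource Server Uri>"); // https://api.wave.bemobi.com

const requestOptions = {
  method: "POST",
  headers: { "Content-Type": "application/x-www-form-urlencoded" },
  body: qs.toString(),
}

fetch("<Authorization Server Uri>/oauth/token", requestOptions)
  .then((response) => {
    // Surface HTTP errors (for example, invalid credentials) instead of parsing them as a token
    if (!response.ok) throw new Error(`Token request failed: HTTP ${response.status}`)
    return response.json()
  })
  // data.access_token is the Bearer token; data.expires_in is its lifetime in seconds
  .then((data) => console.log(data))
  .catch((err) => console.error(err))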
For more information: Client Credentials Flow - Auth0
The access token has a default lifetime, which is returned in the token response (the expires_in property). To increase the efficiency of your application and reduce response time, we recommend reusing the same access token while it’s valid.
To authenticate with our API, you’ll need a client_id and a client_secret. Please contact our integration team to request your credentials and the authentication API URL.
Keep your client_id and client_secret confidential. Do not share them with anyone; they are sensitive data that only you should have access to.
The API has a limit of 1000 tokens per month. This is a measure to prevent misuse of the application. Therefore, it’s important that your integration reuses the generated tokens instead of requesting a new token for each request.
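One way to reuse a token until shortly before it expires, so that concurrent callers also share a single token request (an added example, not part of the original documentation or the API provider's code). The function names, the environment variable names and the 60-second refresh margin are assumptions:

```javascript
// Added example: createTokenCache, requestToken and the WAVE_* variables are assumed names.
const SKEW_MS = 60_000; // refresh one minute early so a token never expires mid-request

// Requests a new token; credentials come from the environment, not from source code.
async function requestToken() {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: process.env.WAVE_CLIENT_ID,         // assumed variable name
    client_secret: process.env.WAVE_CLIENT_SECRET, // assumed variable name
    audience: process.env.WAVE_AUDIENCE,           // the <Resource Server Uri>
  });
  const res = await fetch(`${process.env.WAVE_AUTH_URI}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  });
  if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
  return res.json(); // { access_token, expires_in, ... }
}

// Returns getToken(), which resolves to the cached token while it is still valid.
// fetchToken and now are injectable so the cache can be exercised without a network.
function createTokenCache(fetchToken = requestToken, now = Date.now) {
  let token = null;
  let expiresAt = 0;
  let pending = null; // in-flight request shared by concurrent callers

  return async function getToken() {
    if (token && now() < expiresAt - SKEW_MS) return token;
    if (!pending) {
      pending = fetchToken()
        .then((data) => {
          if (!data.access_token || !Number.isFinite(data.expires_in)) {
            throw new Error("token response missing access_token or expires_in");
          }
          token = data.access_token;
          expiresAt = now() + data.expires_in * 1000; // expires_in is in seconds
          return token;
        })
        .finally(() => { pending = null; }); // a failed request is retried on the next call
    }
    return pending;
  };
}
```

Create the cache once per process (`const getToken = createTokenCache()`) and call `await getToken()` before each API request; a cache created per request would still consume one token per request.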