Authentication and Authorization


Bits uses the OAuth 2.0 protocol. The customer must create API credentials (client ID and secret) in the Bits Dashboard's Developer Page. The credentials are used to create OAuth access tokens.

See below for instructions on how to generate an access token.

Generate OAuth access token

The access token is generated from POST /v1/oauth2/token using your API credentials. You can find your API credentials in the Bits Dashboard's Developer Page.

Authentication is performed by including an Authorization header with the value Basic {credentials} in the request. The credentials are a base64 encoded string of the clientId and clientSecret separated by a colon (:). Pass grant type client_credentials in the request body to generate an access token.

The access token is a bearer token, and the holder of the token is authorized to create applications and read application data. The token can be used to create and/or read multiple applications until it expires. The token is valid for 1 hour. After that, the client must generate a new token using the API credentials.


Example request to generate an OAuth token

POST /v1/oauth2/token HTTP/1.1
Authorization: Basic <base64({clientId:clientSecret})>
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

Request body parameters:

grant_type (string, required): The only grant type available for now is client_credentials. See the Grant types table.


Example response

{
  "type": "Bearer",
  "access_token": "<access_token>",
  "expires_in": 3600,
  "scope": "application"
}

type (string): Specifies the type of the access token.
access_token (string): The access token string used to authorize API requests.
expires_in (integer): Specifies how long, in seconds, the access token is valid.
scope (string): Specifies which scopes the access token has been granted.
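
Added example (not Bits' own code): a Python client for the token flow described above. It builds the Basic header and form body, then reuses the bearer token until shortly before expires_in elapses. The base URL you pass in, the 60-second refresh margin, the HTTPS check and all function and class names are assumptions made for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/v1/oauth2/token"  # endpoint path taken from the page

def basic_credentials(client_id, client_secret):
    """Base64 of 'clientId:clientSecret' for the Authorization: Basic header."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def build_token_request(base_url, client_id, client_secret):
    """Build the POST request; the body carries grant_type=client_credentials."""
    if not base_url.startswith("https://"):
        # Base64 is an encoding, not encryption: never send the secret in clear.
        raise ValueError("API credentials must only be sent over TLS")
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        base_url + TOKEN_PATH, data=body, method="POST",
        headers={"Authorization": "Basic " + basic_credentials(client_id, client_secret),
                 "Content-Type": "application/x-www-form-urlencoded"})

def http_send(request):
    """Default transport: send over the network and parse the JSON reply."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Keep one token in memory and refetch it `margin` seconds before expiry."""

    def __init__(self, base_url, client_id, client_secret,
                 send=http_send, clock=time.monotonic, margin=60):
        self._args = (base_url, client_id, client_secret)
        self._send, self._clock, self._margin = send, clock, margin
        self._token, self._deadline = None, 0.0

    def bearer_header(self):
        """Return the Authorization header for API calls, refreshing if needed."""
        if self._token is None or self._clock() >= self._deadline:
            reply = self._send(build_token_request(*self._args))
            if reply.get("type") != "Bearer" or not reply.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = reply["access_token"]
            self._deadline = self._clock() + reply["expires_in"] - self._margin
        return {"Authorization": "Bearer " + self._token}
```

The `send` and `clock` parameters exist so the cache can be exercised without network access; in production, load the client secret from a secret store or environment variable rather than source code.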

Retrieve token owner information

Use this endpoint to retrieve information about the user associated with the token.


Example request
GET /oauth2/userinfo HTTP/1.1
Authorization: bearer <accessToken>


Example response

{
  "customerId": "bits:customer::e0d429f2-635b-418c-8b74-4a554f82c0bc"
}

customerId (string): Specifies the identity of the customer.

Available scopes

| Scope | Required claims | Description |
| --- | --- | --- |
| application | | This scope will grant access to create applications and read application data. |
| application.read | | This scope will grant access to read application data. |
| application.session | application_id, workflow_id, redirect_url | This scope will grant access to execute an application flow and is limited to the specific application named in the application_id claim. |

Available Grant types

| Grant Type | Description |
| --- | --- |
| client_credentials | This grant type will grant application access to the client's resources. |