ON THIS PAGE
Like many REST frameworks, the BSN REST API uses a refresh-token system to handle client authentication. This page describes how to build token authorization for BSN into a client application.
Authorization Workflow
These steps outline how to carry out authorization with the BSN REST API:
- The client makes a POST call to the
/Token/endpoint. The POST body includes, among other parameters, ausernameandpasswordpair.- If the user entered the network name along with his or her username and password, the network name is included in the
username(e.g. "username=exampleNetwork/exampleUser@brightsign.biz"
- If the user entered the network name along with his or her username and password, the network name is included in the
- If the credentials are valid, the server returns a code 200 with a response body that includes
access_token,expires_in, andrefresh_tokenvalues.- The response body includes a
networkNamesarray that lists networks associated with the specifiedusername. The client application provides the list of networks to the user and allows him or her to select one. It then makes a second POST to the/token/endpoint with network name included in theusername(e.g."username=exampleNetwork/exampleUser@brightsign.biz").
- The response body includes a
- If less than half of the
expires_intime has elapsed (in seconds), and the client application has retained theaccess_tokenvalue in local storage, it includes theaccess_tokenin the header of each request to a BSN endpoint.- If more than half of the
expires_intime has elapsed, or if theaccess_tokenis not located in local storage, the client application makes a POST call to the/token/endpoint with therefresh_tokenvalue. - If the
refresh_tokenis not located in local storage, the application indicates to the user that access to the BSN connection has been dropped (without loss of unsaved user data). It then prompts the user to enter access credentials again and returns to step 1 of the authentication process.
- If more than half of the