API Reference

User Scoped Authentication

Once your user is created you will need to generate a session token that will be passed with every subsequent request to the graphql endpoint. This requires Organization scoped authentication. You will need your organization's client_id, client_secret, and the user_id for the user being authenticated. This is the user_id that was returned from your call to RegisterOrganizationUser

The HTTP endpoint /v1/users/authenticate/{user_id} is used to obtain the session token for User Scoped Authentication.

Base URL based on environment:

  • Use the Development URL when testing or working in a development environment.
  • Use the Production URL when making live requests.
DevelopmentProduction
https://api.bloomplus.devhttps://api.bloomplus.com
# Replace user_id with the user's id. 
# Replace client_id and client_secret with your organization's client_id and client_secret

curl --location --request POST 'https://api.bloomplus.dev/v1/users/authenticate/user_id' \
--header 'Authorization: Bearer client_id:client_secret'

# Returns: "ABCDEFGHIJKLMNOPQ123456789"
# Which can then be used as a bearer token:
# --header 'Authorization: Bearer ABCDEFGHIJKLMNOPQ123456789'

package main

import (
    "fmt"
    "io/ioutil"
    "log"
    "net/http"
)

func main() {
    // Define the user ID as a path parameter
    userID := "your-user-id"
    url := fmt.Sprintf("<BASE_URL>/v1/users/authenticate/%s", userID)

    // Create a new HTTP POST request
    req, err := http.NewRequest("POST", url, nil)
    if err != nil {
        log.Fatalf("Error creating request: %v", err)
    }

    // Set the Authorization header with client credentials
    clientID := "your-client-id"
    clientSecret := "your-client-secret"
    authHeader := fmt.Sprintf("Bearer %s:%s", clientID, clientSecret)
    req.Header.Set("Authorization", authHeader)

    // Send the request
    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        log.Fatalf("Error making request: %v", err)
    }
    defer resp.Body.Close()

    // Read and process the response, expecting a plain string for the session token
    body, err := ioutil.ReadAll(resp.Body)
    if err != nil {
        log.Fatalf("Error reading response: %v", err)
    }

    if resp.StatusCode == http.StatusOK {
        // The response is a plain string containing the session token
        sessionToken := string(body)
        fmt.Printf("Successfully authenticated!\nSession Token: %s\n", sessionToken)
    } else {
        // Handle the error response
        var errorResponse map[string]string
        err = json.Unmarshal(body, &errorResponse)
        if err != nil {
            log.Fatalf("Error decoding error JSON: %v", err)
        }
        fmt.Printf("Error: %s\n", errorResponse["error"])
    }
}

The resulting body will be used as a Bearer Token for User Scoped Authentication. See Enablement Services Authorization for an explanation on scope.

For example, if the session token ABCDEFGHIJKLMNOPQ123456789 were returned, it will be used as a Bearer token in the format:

Authorization: Bearer BABCDEFGHIJKLMNOPQ123456789

This bearer token can now be used for User Scoped queries and mutations for the authenticated user.