External users (3rd party apps)

This API provides functionality for authenticating users in your app in a way that they can securely use Bikeep API. It is not used when authenticating with server-to-server Oauth2 client credentials flow

Endpoints

POST /external-users-auth/v1/refresh Refresh tokens POST /external-users-auth/v1/sign-in Sign in POST /external-users-auth/v1/sign-up Sign up POST your-domain/sign-in-verification Sign in verification POST your-domain/sign-up-verification Sign up verification
POST /external-users-auth/v1/refresh
Public

Refresh tokens

Refreshes an expired access token without making a verifying round-trip to your server.

Request Body required

refresh_token string required

Refresh token that is given to you by /sign-in endpoint

operator_id string

Optional. UUID given to you by Bikeep. Included for debugging purposes only; not required for token refresh.

bikeep_user_id string required

User ID used in Bikeep services to match users to sessions, payment methods, etc; not to confuse with your own internal user ID

Responses

200 response

access_token string

Token that can be used for accessing Bikeep API straight from end users app. Must be placed into ‘Authorization’ header as ‘Bearer …’. Expires in 1 hour.

Example Request

curl \
  -X POST \
  "https://services.bikeep.com/external-users-auth/v1/refresh" \
  -H "Content-Type: application/json" \
  -d '{
  "refresh_token": "string",
  "operator_id": "00000000-0000-0000-0000-000000000000",
  "bikeep_user_id": "00000000-0000-0000-0000-000000000000"
}'
POST /external-users-auth/v1/sign-in
Public

Sign in

When request is made to this endpoint, Bikeep will forward your internal user_id and the challenge_token to your system for verification. This has to be done in order to maintain user uniqueness and to avoid possibility of one user controlling all devices. If you respond with 200, this endpoint will return access, and refresh tokens that can be used for accessing the API.

Request Body required

challenge_token string required

Token that is posted to your endpoint together with user_id to verify the user

operator_id string required

UUID given to you by Bikeep.

bikeep_user_id string required

User ID used in Bikeep services to match users to sessions, payment methods, etc; not to confuse with your internal user ID

Responses

200 response

access_token string

Token that can be used for accessing Bikeep API from clients. Must be placed into the ‘Authorization’ header as ‘Bearer …’. Expires in 1 hour.

refresh_token string

Token that has to be used for refreshing access_token in /refresh endpoint.

Example Request

curl \
  -X POST \
  "https://services.bikeep.com/external-users-auth/v1/sign-in" \
  -H "Content-Type: application/json" \
  -d '{
  "challenge_token": "string",
  "operator_id": "00000000-0000-0000-0000-000000000000",
  "bikeep_user_id": "00000000-0000-0000-0000-000000000000"
}'
POST /external-users-auth/v1/sign-up
Public

Sign up

When signing up, you input your internal user ID and we post a Bikeep user ID, along with the original user ID to an endpoint specified by you. Bikeep user ID is used for signing in and getting refresh tokens, the internal user ID is used for validating the login.

Request Body required

user_id string required

Unique user id in your system. Is used for returning same account each time user asks for tokens (in case of log in / out).

operator_id string required

UUID given to you by Bikeep.

Responses

204 response

Example Request

curl \
  -X POST \
  "https://services.bikeep.com/external-users-auth/v1/sign-up" \
  -H "Content-Type: application/json" \
  -d '{
  "user_id": "00000000-0000-0000-0000-000000000000",
  "operator_id": "00000000-0000-0000-0000-000000000000"
}'
POST your-domain/sign-in-verification
Public

Sign in verification

Sign in verification endpoint, that receives the challenge sent from Bikeep

Request Body required

user_id string

Your internal user ID that correlates to Bikeep user ID

challenge_token string

Token that is posted to your endpoint together with user_id to verify the user

Responses

200 response

bikeep_user_id string

User ID used in Bikeep services that correlates to your internal user id.

Example Request

# This is an incoming request TO your server
POST https://your-domain/sign-in-verification
POST your-domain/sign-up-verification
Public

Sign up verification

Sign up verification endpoint, that receives the Bikeep user ID

Request Body required

user_id string

Your internal user ID that correlates to Bikeep user ID

bikeep_user_id string

User ID used in Bikeep services that correlates to your internal user id.

Responses

200 response

Example Request

# This is an incoming request TO your server
POST https://your-domain/sign-up-verification