How to authenticate with Config API

A basic example of how to get authenticated with the Config API

The following steps will guide you to authenticate to our Config API

1. Make a POST request to the /sessions with your credentials

   const sessionsEndPoint= "https://config.bluedot.io/prod1/sessions/";
   const credentials = {
       "email": "user@email.com",
       "password": "password123"
   };
   fetch(sessionsEndPoint, credentials).then(reponse => {
        /*
        The response will return an object with the following structure:
        {
            "status": "success",
            "idToken": "string",
            "accessToken": "string",
            "refreshToken": "string"
        }
        */
        // Attach the returned "accessToken" in the header of any subsequent call to the API
        const { accessToken } = response
   })

2. Attach the returned accessToken as Authorization: Bearer <token> in the HTTP header of any subsequent call to the API

Expiry time of the Tokens

accessToken: An Access Token is a credential that can be used by an application to access the Configuration API. It is active for 1 hour.

refreshToken: The Refresh Token is a special token that can be used to obtain a renewed accessToken. It is active for 60 days.

Best Practises on using the Session API

1. Have a fail/retry strategy for using the access token – if it expires, catch the failure, reauthenticate to get a new access token and try again.
2. The refresh token can be used, but for an m2m integration, it’s less important (the email/password can be used instead). The refresh token is typically used by less secure clients such as browsers.