Access Tokens

An access token is a long unique alphanumeric string that provides identifying information about the user who is making the API call and about the BarTender Cloud tenant space and data center that the call is going to. Add your access token to the script that you write to send API calls to the server, such as cURL commands, PowerShell scripts, and JavaScript scripts.

A user token is generated when you log into BarTender Cloud and is managed on your behalf during the session. When interacting with web applications that call a BarTender Cloud API, the API will use the application token to identify the user making the request, enabling administrators to verify the user against configured permissions.

BarTender Cloud's Tokens

BarTender Cloud uses three types of tokens to manage user interactions.

• User Tokens. Created when you login into the Bartender Cloud Platform. Your username and password create a temporary token that can be used for browsing, printing and perform actions in the platform. System Managed.

• Application Tokens. Created by requesting a token to the BIDS (BarTender Identity Service) instance. These tokens are meant to be used as programmatic credentials for integrations and API-based interactions. User Managed.

• Print Gateway Tokens. Created automatically when configuring a Print Gateway from the Bartender Cloud platform. You should not copy or reuse this token. System Managed.

BarTender Cloud uses application tokens to control who can and cannot access the REST API.

Working with Application Tokens

When you register a web application, BarTender creates a unique Client ID and Client Secret for that application and uses that information to create an application token and a refresh token.

Pass this application token to the BarTender Cloud REST API each time you make a call. For example, if you are making a request using cURL, you would add

-H "Authorization: Bearer ____PASTE_YOUR_ACCESS_TOKEN_HERE____"

to the request header, pasting in your application token where indicated. The web application must send a token and be authorized before the API Gateway processes the calls.

The application token is used with every call made to the REST API. It also has a finite lifespan, and when that is reached, the refresh token is used by the system to get another application and refresh token.

An application token's lifespan is currently 10 days. If a token expires, the application must retrieve a new token on the cloud to continue to make calls. When using Authorization Code Flow tokens are handled automatically without the need for user interaction.

For specific steps on rotating your Client ID and Secret, and refreshing the access token, see the BarTender Cloud API Page and Authentication topics in this help system.

For more information about authentication and access tokens, see the BarTender Cloud REST API Application Types and BarTender Cloud REST API Authentication and Tokens support articles.

---

Related topics

• Registering Your Application with BarTender Cloud
• Authentication
• BarTender Cloud API Page