Security and Requirements

BarTender Cloud's REST API resides entirely on Cloud servers and is called by a client, be that a custom application or a RESTful application like Insomnia or Postman. The Client is required to authenticate using a token before it can pass through the authentication gate and make RESTful calls.

Security

The BarTender Cloud REST API requires authentication or calls cannot reach the API gateway. There are no options available to use basic authentication or simply send commands without any authentication at all. Unauthorized calls are stopped by the Authentication gate and not allowed to continue.

Instead of using a username and password to authenticate web applications, the API utilizes access tokens. An access token is a long series of alphanumeric characters and symbols that looks like nonsense but contains important information about who is making these API calls and where they should go.

A token's lifespan is currently 10 days. If a token expires, applications must retrieve a new token on the cloud to continue to make calls. When using Authorization Code Flowwith Web Applicatons, tokens are handled automatically without the need for user interaction.

Console applications and services that cannot display a BarTender Cloud login dialog use Password-based authentication.

Requirements

The following are required to use BarTender Cloud's REST APIs:

• Subscription. Automation

• Sending Application. Custom, Insomnia, Postman
  Uses token authentication

• Custom Applications. Custom applications can use Seagull's enhanced identity provider or OAuth (legacy) for authentication. Curl, C#, and .NET languages are supported for custom applications.

Certain API calls, such as submitting POST and PATCH requests for Actions API scripts, may require an account with Administrator or Actions API Administrator role permissions to perform. See Managing User Roles for more information on creating and managing user roles.