Authentication

Discusses the workflow of authenticating and retrieving a bearer token in order to use Betterview's API.

Authentication Workflow

Betterview uses Auth0 for bearer token authentication. The authentication workflow with Betterview's API consists of the following steps:

  1. Make a call to Betterview's Auth0 endpoint: https://betterview.auth0.com/oauth/token
  2. Receive a token back in the response.
  3. Use that token until it expires. The token is valid for 24 hours, and the expiration is included in the token response.

The API reference shows in many places how to apply the bearer token. Basically, one creates an authorization header that looks something like this:

Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik4wSkdNVE0yT1VaRU9FRXdSVEJFTlVRM1FrTXlNalkxUmpnMVJUTTNNakJCTURSQk56QkNNZyJ9...

The Token Retrieval Request

To receive a token, one must first be granted a Client ID and Secret by Betterview. To get a secret and API key, contact Betterview. From there, the following example demonstrates how to retrieve a token.

curl --request POST \
  --url https://betterview.auth0.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"<Client ID Here>","client_secret":"<Client Secret Here>","audience":"https://api.betterview.net","grant_type":"client_credentials"}'

More documentation on this initial request is available from Auth0: https://auth0.com/docs/api/authentication#get-token

The Token Retrieval Response

Once a token has been requested, the response should look something like this:

{
    "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IlJEQTFNRFV5UWpRM1JqZ3lSamRGUlVNNE1VWTNPVEV4UTBVMVF6ZEJOVU0yUmprd01VTkZRUSJ9...",
    "expires_in": 86400,
    "token_type": "Bearer"
}

  • The field access_token is the string that one needs to make requests. The string has largely been redacted here to save space.
  • The field expires_in is how long, in seconds, before the token expires. To save opening a calculator, 86400 seconds = 24 hours.
  • The field token_type just indicates that the token should be used with Bearer authentication.

General Notes

Please help Betterview out by storing the auth token somewhere and using it for the 24 hours before it expires. If this isn't done, and the API hits are frequent enough, we may come back and ask to have the token stored somewhere.
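
One way to store and reuse the token as requested above, as an added example that is not Betterview's own code. The TokenCache class, the cache file path, and the 300-second refresh margin are assumptions made for illustration; the endpoint, audience, and response fields are the ones shown on this page.

```python
import json, os, time, urllib.request

TOKEN_URL = "https://betterview.auth0.com/oauth/token"
AUDIENCE = "https://api.betterview.net"

def request_token(client_id, client_secret):
    """Send the client-credentials request from the curl example; return parsed JSON."""
    body = json.dumps({"client_id": client_id, "client_secret": client_secret,
                       "audience": AUDIENCE, "grant_type": "client_credentials"})
    req = urllib.request.Request(TOKEN_URL, data=body.encode(),
                                 headers={"content-type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: keeps one token on disk and reuses it until near expiry."""
    def __init__(self, path, fetch, margin=300, clock=time.time):
        # fetch: zero-argument callable returning the token response as a dict
        # margin: seconds before expiry at which a fresh token is requested
        self.path, self.fetch, self.margin, self.clock = path, fetch, margin, clock

    def _load(self):
        try:
            with open(self.path) as f:
                return json.load(f)
        except (OSError, ValueError):
            return None  # missing or corrupt cache file: treat as no token

    def _store(self, entry):
        # Owner-only file (0600): a bearer token is a credential for its whole lifetime.
        tmp = self.path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(entry, f)
        os.replace(tmp, self.path)  # atomic swap, readers never see a partial file

    def authorization_header(self):
        entry = self._load()
        if not isinstance(entry, dict) or entry.get("expires_at", 0) - self.margin <= self.clock():
            resp = self.fetch()
            if resp.get("token_type") != "Bearer" or "access_token" not in resp:
                raise ValueError("unexpected token response")
            entry = {"access_token": resp["access_token"],
                     "expires_at": self.clock() + int(resp["expires_in"])}
            self._store(entry)
        return {"Authorization": "Bearer " + entry["access_token"]}
```

Construct it once as TokenCache(path, lambda: request_token(client_id, client_secret)) with the credentials read from the environment or a secret store, and call authorization_header() before each API request.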