Login to BioT
To interact with BioT's secured APIs, users must authenticate through the User Management Service (UMS) using a username and password obtained during pre-signup.
Login With Credentials
- Request: POST https://<your api endpoint>/ums/v2/users/login
- Body:
  {
    "username": "<your-username>",
    "password": "<your-password>"
  }
- Response:
  - response.accessJwt.token → The Access Token
  - response.refreshJwt.token → The Refresh Token
Use the Access Token in the Authorization header for all authenticated API calls:
Authorization: Bearer <access_token>
Token Maintenance
The Access Token is short-lived and expires after a limited time (the expiration time is given in response.accessJwt.expiration).
To maintain your session without logging in again, use the Refresh Token to obtain a new set of tokens.
The Refresh Token is longer-lived and helps reduce the frequency of transmitting user credentials over the network.
Refresh Access Token:
- Request: POST https://<your api endpoint>/ums/v2/users/token/refresh
- Body:
  {
    "refreshToken": "<your-refresh-token>"
  }
- Response: Similar to the Login With Credentials response.
  - response.accessJwt.token → New Access Token
  - response.refreshJwt.token → New Refresh Token
Check the expiration time of the refresh token. If this token has also expired, then a new login API call with a username and password is needed.
Authentication Flow Overview
BioT uses OAuth 2.0 principles for authentication and session management.
The standard flow is:
- Login with credentials to receive both an Access Token and a Refresh Token.
- Use the Access Token in the Authorization header for most API calls.
- Check the Access Token's expiration time using response.accessJwt.expiration. When it is about to expire, refresh it by using the Refresh Token.
- If the Refresh Token has also expired, perform a full login again using credentials.
This approach improves security by minimizing how often credentials are transmitted over the network.
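The flow above as a small client-side session helper, added here as an example; it is not BioT's own code. Assumptions: the `post(path, body)` transport and the `AuthRejected` error are hypothetical, the expiration fields are taken to be ISO 8601 timestamps with a UTC offset, response.refreshJwt.expiration is taken to exist alongside the access token's, and the 60-second safety margin and the token lifetimes in `demo()` are constructed.

```python
from datetime import datetime, timedelta, timezone

LOGIN, REFRESH = "/ums/v2/users/login", "/ums/v2/users/token/refresh"  # paths from the page
class AuthRejected(Exception):
    """Hypothetical error the transport raises when the server rejects a token."""

class BiotSession:
    def __init__(self, post, username, password, skew=timedelta(seconds=60)):
        self._post = post  # hypothetical transport: post(path, body) -> parsed JSON
        self._creds = {"username": username, "password": password}
        self._skew = skew  # treat a token as expired this long before its stated time
        self._access = self._refresh = None  # (token, expiry) pairs

    def _store(self, resp):
        # Assumptions: ISO 8601 expirations; refreshJwt has an expiration field too.
        self._access, self._refresh = (
            (resp[k]["token"], datetime.fromisoformat(resp[k]["expiration"]))
            for k in ("accessJwt", "refreshJwt"))

    def next_action(self, now):
        """Return 'use', 'refresh' or 'login' for the given time."""
        for name, tok in (("use", self._access), ("refresh", self._refresh)):
            if tok and now + self._skew < tok[1]:
                return name
        return "login"

    def auth_header(self, now):
        action = self.next_action(now)
        if action == "refresh":
            try:
                self._store(self._post(REFRESH, {"refreshToken": self._refresh[0]}))
            except AuthRejected:
                action = "login"  # refresh token no longer accepted: use credentials
        if action == "login":
            self._store(self._post(LOGIN, self._creds))
        return {"Authorization": f"Bearer {self._access[0]}"}

def demo():  # constructed offline run: 10-minute access, 1-hour refresh tokens
    t0, calls, clock = datetime(2024, 1, 1, tzinfo=timezone.utc), [], [None]
    def fake_post(path, body):
        calls.append(path)
        exp = lambda **kw: (clock[0] + timedelta(**kw)).isoformat()
        return {"accessJwt": {"token": "a", "expiration": exp(minutes=10)},
                "refreshJwt": {"token": "r", "expiration": exp(hours=1)}}
    s = BiotSession(fake_post, "<your-username>", "<your-password>")
    for minutes in (0, 5, 9.5, 120):
        clock[0] = t0 + timedelta(minutes=minutes)
        s.auth_header(clock[0])
    return calls
```

In `demo()`, the four calls at 0, 5, 9.5 and 120 minutes produce one login, no request, one refresh, and a second login, so credentials cross the network only when both tokens have lapsed.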
Want to understand more about OAuth 2.0? Check out this OAuth 2.0 for Dummies article.