Tenant Authentication Guideline

Created by Erez Michaeli, Modified on Tue, 24 Sep, 2024 at 12:53 PM by Nazeli Abrahamyan

Introduction

This guide is designed to support you through each phase of the authentication process in Bridgewise (BW). This process is vital for safeguarding the security and integrity of your organization's information.

Identify Yourself

The first step requires obtaining your credentials. If you haven't received them yet, please reach out to our support team at [email protected] for prompt assistance. 

Please keep in mind that for Machine-to-Machine (M2M) authorization, you will require an Application Client ID and Secret Key.

Grant Access Token

After your identity as an authorized entity has been confirmed, the next step is to acquire a Token. This can be done by sending your credentials to the authenticate endpoint of the users service.


Endpoint:

https://rest.bridgewise.com/users/authenticate


You can find it under Swagger docs: BridgeWiseAPI

In response, you will receive an Access Token, which is crucial for further interaction with the BW system.

Machine-to-Machine (M2M) Tokens

Definition:

  • Machine-to-Machine Tokens are used to authenticate and authorize communication between two services or applications without any user involvement.

Usage:

  • These tokens are typically used in scenarios where an application (client) needs to access an API (resource server) directly.

Characteristics:

  • Issued to applications: The token represents the identity of the application rather than an individual user.

  • Longer lifespan: M2M tokens have a longer validity period since they are meant for automated systems that may run continuously.

  • Permissions: These tokens have permissions and scopes that are predefined based on the needs and license of the application.

  • No user context: They don't carry any information about a user, as they are used solely for service-to-service communication.

When to Use:

  • Use M2M tokens when one service (your backend, BE) needs to securely communicate with the BW API or Widgets without user intervention.

  • Ideal for automated processes, server-to-server interactions, and background tasks.

  • Bridgewise products: APIs, Widgets.


Error Codes & Messages:


| Case | Error code | Message |
|---|---|---|
| Token value is empty | 401 | Bridgewise requires an authenticated token, you may not proceed without such a Token. Please see product documentation for obtaining and including an Authentication Token or contact [email protected] for acquiring a proper license. |
| Token is invalid | 403 | Not valid Token. Please see product documentation for obtaining and including an Authentication Token or contact [email protected] for acquiring a proper license. |
| Token is unauthorized | 403 | Your token does not allow access to this service. Please contact your admin or contact [email protected] to acquire a proper license. |
| Authorizer general error | 403 | Internal error. Please contact [email protected]. |
| Bad request (invalid parameter) | 400 | The request contains invalid parameters. Please check your request and ensure that all parameters are correct. Refer to the product documentation for guidance. |


Access Token (M2M):

curl -X 'POST' \
  'https://rest.bridgewise.com/users/authenticate' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "application_client_id": "application_client_id",
  "secret": "secret_key"
}'

In response, you will receive an Access Token. This token serves as your digital key, specifically tailored to your application's client ID, granting you access only to the Bridgewise API services you are authorized to use. Some of these services may require a separate license, and the token reflects your entitlement to these authorized APIs. If you attempt to access an unauthorized service, you will receive an appropriate message indicating your lack of authorization.

NOTE: You can use this token only for API and Widgets.
NOTE: The token expires in 1 day.

IMPORTANT: Request a token from the authentication endpoint a maximum of once a day and store it in your BE. You then have a valid token for 24 hours.
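
The once-a-day rule above, as an added example (not Bridgewise's own code): a backend-side cache that calls the authenticate endpoint only when it holds no token or 24 hours have passed. The response field name `access_token`, the `TokenCache` class and its injectable `post` and `clock` parameters are assumptions; the page does not show the response body.

```python
import json
import threading
import time
import urllib.request

AUTH_URL = "https://rest.bridgewise.com/users/authenticate"  # endpoint from the page
TOKEN_TTL = 24 * 60 * 60       # page: the token expires in 1 day
TOKEN_FIELD = "access_token"   # ASSUMPTION: response field name is not on the page


def http_post_json(url, payload):
    """Default transport: POST a JSON body and return the parsed JSON reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        headers={"accept": "application/json",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one M2M token in the backend and renews it only after expiry."""

    def __init__(self, client_id, secret, post=http_post_json, clock=time.time):
        # Same request body as the curl example on the page.
        self._creds = {"application_client_id": client_id, "secret": secret}
        self._post = post      # injectable so the cache can be tested offline
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        # The lock keeps concurrent workers from each requesting a new token.
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                body = self._post(AUTH_URL, self._creds)
                self._token = body[TOKEN_FIELD]
                self._expires_at = self._clock() + TOKEN_TTL
            return self._token

    def auth_header(self):
        """Header for API calls, in the format the page's API example uses."""
        return {"authorization": f"Bearer {self.get()}"}
```

Load the client ID and secret from your secret store or environment rather than from source code, and keep the cache on the server side only.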


With this token, you can access BW's API and use its widgets.

Example for API use:

Pass the token in the authorization header, as shown in the example.

curl --location --globoff 'https://rest.bridgewise.com/tenants/{{tenant_id}}/recommendations?company_ids=[]' \
--header 'Content-Type: application/json' \
--header 'authorization: Bearer {{authorisation_token}}'


Example for Widget use:

Pass the token in the accessToken parameter.

<div id="bw-summary"></div>

<script src="https://widget.bridgewise.com/index.js"></script>
<script>
  new BridgeWise.Collection({
    identifier: "AAPL-NasdaqGS",
    language: "en-US",
    name: "summary",
    accessToken:"{{authorisation_token}}"
  });
</script>
