Tenant Authentication Guideline

Created by Erez Michaeli, Modified on Mon, 19 Aug at 10:29 AM by Nazeli Abrahamyan

Introduction

This guide is designed to support you through each phase of the authentication process in Bridgewise (BW). This process is vital for safeguarding the security and integrity of your organization's information.

Identify Yourself

The first step requires obtaining your credentials. If you haven't received them yet, please reach out to our support team at support@bridgewise.com for prompt assistance. 

Please keep in mind that for Machine-to-Machine (M2M) authorization, you will require an Application Client ID and Secret Key.

Grant Access Token

After your identity as an authorized entity has been confirmed, the next step is to acquire a Token. This can be done by sending your credentials to the authenticate endpoint under the users service.


Endpoint:

https://rest.bridgewise.com/users/authenticate


You can find it under Swagger docs: BridgeWiseAPI

In response, you will receive an Access Token, which is crucial for further interaction with the BW system.

Machine-to-Machine (M2M) Tokens

Definition:

  • Machine-to-Machine Tokens are used to authenticate and authorize communication between two services or applications without any user involvement.

Usage:

  • These tokens are typically used in scenarios where an application (client) needs to access an API (resource server) directly.

Characteristics:

  • Issued to applications: The token represents the identity of the application rather than an individual user.

  • Longer lifespan: M2M tokens have a longer validity period since they are meant for automated systems that may run continuously.

  • Permissions: These tokens have permissions and scopes that are predefined based on the needs and license of the application.

  • No user context: They don't carry any information about a user, as they are used solely for service-to-service communication.

When to Use:

  • Use M2M tokens when one service (your BE) needs to securely communicate with BW API or Widget without user intervention.

  • Ideal for automated processes, server-to-server interactions, and background tasks.

  • Bridgewise products: APIs, Widgets.


Error Codes & Messages:

| Case | Error code | Message |
| --- | --- | --- |
| Token value is empty | 401 | Bridgewise requires an authenticated token, you may not proceed without such a Token. Please see product documentation as for obtaining and including an Authentication Token or contact support@bridgewise.com for acquiring a proper license. |
| Token is invalid | 403 | Not valid Token. Please see product documentation as for obtaining and including an Authentication Token or contact support@bridgewise.com for acquiring a proper license. |
| Token is unauthorized | 403 | Your token does not allow access to this service. Please contact your admin or contact support@bridgewise.com to acquire a proper license. |
| Authorizer general error | 403 | Internal error. Please contact support@bridgewise.com. |

Access Token (M2M):

curl -X 'POST' \
  'https://rest.bridgewise.com/users/authenticate' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "application_client_id": "application_client_id",
  "secret": "secret_key"
}'

In response, you will receive an Access Token. This token serves as your digital key, specifically tailored to your application's client ID, granting you access only to the Bridgewise API services you are authorized to use. Some of these services may require a separate license, and the token reflects your entitlement to these authorized APIs. If you attempt to access an unauthorized service, you will receive an appropriate message indicating your lack of authorization.

NOTE: You can use this token only for API and Widgets.
NOTE: The token expires in 1 day.

IMPORTANT: Request a token from the authentication endpoint a maximum of once a day and store it in your BE. You then have a valid token for 24 hours.
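
One way to follow the once-a-day rule in a backend, as an added example that is not Bridgewise code: an in-memory cache that calls the authenticate endpoint only when the stored token is 24 hours old, and that builds the authorization header for API calls. The response field name access_token and the names post_credentials and TokenCache are assumptions; the guide does not show the response body.

```python
import json
import threading
import time
import urllib.request

AUTH_URL = "https://rest.bridgewise.com/users/authenticate"  # endpoint from the guide
TOKEN_TTL_SECONDS = 24 * 60 * 60  # the guide states the token expires in 1 day
TOKEN_FIELD = "access_token"  # assumption: the guide does not show the response body


def post_credentials(client_id, secret):
    """POST the M2M credentials, mirroring the guide's curl call."""
    body = json.dumps({"application_client_id": client_id, "secret": secret}).encode()
    request = urllib.request.Request(
        AUTH_URL,
        data=body,
        method="POST",
        headers={"accept": "application/json", "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


class TokenCache:
    """Keeps one M2M token in backend memory; re-authenticates only after 24 hours."""

    def __init__(self, client_id, secret, fetch=post_credentials, clock=time.time):
        self._client_id, self._secret = client_id, secret
        self._fetch, self._clock = fetch, clock  # injectable for offline tests
        self._lock = threading.Lock()  # concurrent workers must not each re-authenticate
        self._token, self._issued_at = None, 0.0
        self.auth_calls = 0  # how often the authenticate endpoint was invoked

    def token(self):
        with self._lock:
            expired = self._clock() - self._issued_at >= TOKEN_TTL_SECONDS
            if self._token is None or expired:
                self._token = self._fetch(self._client_id, self._secret)[TOKEN_FIELD]
                self._issued_at = self._clock()
                self.auth_calls += 1
            return self._token

    def auth_header(self):
        """Header in the form the guide's API example uses."""
        return {"authorization": f"Bearer {self.token()}"}
```

Load the client ID and secret from the backend's environment or secret store rather than from source code, and keep the token out of application logs.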


With this token, you can access BW's API and use its widgets.

Example for API use:

Pass the token in the authorization header, as shown in the example.

# --globoff stops curl from treating the [] in the query string as a glob pattern
curl --globoff --location 'https://rest.bridgewise.com/tenants/{{tenant_id}}/recommendations?company_ids=[]' \
--header 'Content-Type: application/json' \
--header 'authorization: Bearer {{authorisation_token}}'


Example for Widget use:

Pass the token in the accessToken parameter.

<div id="bw-summary"></div>

<script src="https://widget.bridgewise.com/index.js"></script>
<script>
  new BridgeWise.Collection({
    identifier: "AAPL-NasdaqGS",
    language: "en-US",
    name: "summary",
    accessToken:"{{authorisation_token}}"
  });
</script>
