Tenant Authentication Guideline

Created by Erez Michaeli, Modified on Sun, 21 Sep at 3:27 AM by Erez Michaeli

Introduction

This guide walks you through the authentication process in Bridgewise (BW). Authentication is essential for protecting the security and integrity of your organization’s data and ensuring safe access to BW services.

Step 1: Identify Yourself

To begin, you’ll need valid credentials.

If you have not received your credentials, please contact our support team at support@bridgewise.com.
For Machine-to-Machine (M2M) authorization, you will need an Application Client ID and a Secret Key.

Step 2: Grant Access Token

Once your credentials have been verified, you must request an Access Token.

Endpoint:

https://rest.bridgewise.com/users/authenticate

This endpoint is available in any BW Product Swagger documentation. For example, StockWise API.

You will receive an Access Token tied to your application’s Client ID. This token grants access only to the services your application is licensed for.

Note: If you attempt to access unauthorized services, you will receive an error message.

Access Token Request Example:

curl -X 'POST' \

'https://rest.bridgewise.com/users/authenticate' \

-H 'accept: application/json' \

-H 'Content-Type: application/json' \

-d '{

"application_client_id": {YOUR_APPLICATION_CLIENT_ID},

"secret": {YOUR_SECRET_KEY}

⚠️ Important Notes:

Tokens can only be used with APIs and Widgets.
Tokens expire after 24 hours.

You should request a new token once per day and store it securely in your backend for reuse.

Machine-to-Machine (M2M) Tokens

Definition
M2M tokens allow secure communication between services or applications without user involvement.

Usage Scenarios

Direct application-to-API communication
Automated processes and background tasks
Server-to-server interactions

Key Characteristics

Issued to applications: Represents the identity of an application, not a user
Longer validity: Designed for systems that run continuously
Scoped permissions: Access rights are based on license and application needs
No user context: Used solely for service-to-service authentication

When to Use
Use M2M tokens when your backend service needs to securely communicate with BW’s APIs or Widgets without user intervention. Applies to: APIs and Widgets

Error Codes & Messages

Case	Error Code	Message
Token value is empty	401	Bridgewise requires an authenticated token. Please see documentation for obtaining a token or contact support@bridgewise.com.
Token is invalid	403	Invalid token. Please see documentation for obtaining a token or contact support@bridgewise.com.
Token is unauthorized	403	Your token does not allow access to this service. Contact your admin or support@bridgewise.com.
Authorizer general error	403	Internal error. Please contact support@bridgewise.com.
Bad request (invalid parameter)	400	The request contains invalid parameters. Please verify your request and refer to the documentation for correct usage.

Using the Access Token

API Example

Add the token in the Authorization Header:

curl --location 'https://rest.bridgewise.com/tenants/{{TENANT_ID}}/recommendations?company_ids=[]' \

--header 'Content-Type: application/json' \

--header 'authorization: Bearer {{ACCESS_TOKEN}}'

Widget Example

Pass the token as the accessToken parameter: