Authentication in the Bokio API is linked to the type of integration you are building. Currently, Private integrations use an integration token.
When we expand to Public Integrations, authentication will be based on OAuth 2.0.
Handling of secrets
Ensure that you handle your tokens and other secrets securely and avoid storing them in sensitive files or sharing them in public repositories or client-side code.
Authentication for Private integrations
To access the Bokio Public API with a Private Integration, you need to pass an integration token that can be obtained in the Bokio app.
Using Integration token for Company API
To use the Bokio Company API with an Integration token, follow these steps:
Obtaining the Integration token
- Log in to the Bokio app.
- Navigate to the Integrations page.
- Create an integration.
- Copy the Integration token provided for your company.
Including the Integration token in Requests
To include your Integration token in requests, add an Authorization: Bearer header with the value of your Integration token. The companyid parameter should be sent with every API request to identify the company; you can obtain it from the URL when you are in the Bokio accounting platform.
curl -H "Authorization: Bearer <your-integration-token>" https://api.bokio.se/companies/{companyid}/some-operation
GET /companies/{companyid}/some-operation HTTP/1.1
Host: api.bokio.se
Authorization: Bearer <your-integration-token>
Make sure to replace <your-integration-token> with your actual Integration token.
Handling Authentication Errors
If you make a request without a valid Integration token or with an expired Integration token, you will receive a 401 Unauthorized response. Make sure to handle this error and prompt the user to provide a valid Integration token.
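The following is an added example, not code from Bokio: a minimal Python client that keeps the Integration token out of source code, sends it in the Authorization: Bearer header, and turns a 401 Unauthorized into a distinct error the caller can use to prompt for a new token. The environment variable name BOKIO_INTEGRATION_TOKEN and the function names are assumptions made for this example.

```python
import os
import re
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.bokio.se"        # host from the curl example on this page
TOKEN_ENV = "BOKIO_INTEGRATION_TOKEN"    # assumed name, not defined by Bokio


class InvalidTokenError(Exception):
    """Token is missing, malformed, or was rejected with 401 Unauthorized."""


def load_token(env=os.environ):
    # Read the token from the environment, never from source or a committed file.
    token = env.get(TOKEN_ENV, "").strip()
    # Reject empty values and embedded whitespace (CR/LF would corrupt the header).
    if not token or re.search(r"\s", token):
        raise InvalidTokenError(f"{TOKEN_ENV} is unset or malformed")
    return token


def build_request(company_id, operation, token):
    # Percent-encode companyid so it can only ever occupy one path segment.
    company = urllib.parse.quote(company_id, safe="")
    url = f"{BASE_URL}/companies/{company}/{operation.lstrip('/')}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def call(request, opener=urllib.request.urlopen):
    # Returns (status, body bytes); `opener` is injectable so tests run offline.
    try:
        with opener(request, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            # Keep the token and the Authorization header out of error text and logs.
            raise InvalidTokenError("401 Unauthorized: token invalid or expired") from None
        raise
```

A caller would catch InvalidTokenError, ask the user for a fresh Integration token, and retry; other HTTP errors propagate unchanged.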