BLAM API uses a JWT bearer token authorisation model. BLAM comes pre-configured with Basic Authentication for issuing bearer and refresh tokens by authenticating with a valid username and password. The bearer token then provides the authorisation to access the API endpoints the user has the corresponding permissions for. All bearer tokens automatically expire 5 minutes after being issued. A new bearer token can be obtained either by using the refresh token or re-authenticating using the same username and password.
Basic authentication uses the inbuilt authentication scheme defined in the HTTP protocol. The HTTP client must send a GET request to the BLAM API at /api/users/authorisation with the Authorization header that starts with the keyword Basic followed by a space and a base64-encoded string of username:password. If your BLAM is multi-tenanted, the BLAM API also accepts an additional parameter for selecting the correct OrganisationId to authenticate with.
curl -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" https://yourblam.bluelucy.com/api/users/authorisation
curl -H "Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=" "https://yourblam.bluelucy.com/api/users/authorisation?OrganisationId=1"
The BLAM API responds with a JSON object containing the bearer and refresh tokens and their respective expiry dates. The returned bearer token must be used when attempting to access the BLAM API.
To authorise a request to the BLAM API, add the bearer token to the Authorization header when making the request:
curl -H "Authorization: Bearer eyJhbGci..." https://yourblam.bluelucy.com/api/assets
BLAM API JWT bearer tokens automatically expire after 5 minutes. One method to obtain a new token is to use the refresh token, which is issued at authentication. The refresh token needs to be sent as a parameter in a GET request to the BLAM API /api/users/token endpoint along with the OrganisationId parameter for the correct organisation. The default OrganisationId for single-tenant BLAMs is 1.
Developer Tip: Ensure the refresh token is correctly URL encoded before calling the BLAM API or it will fail validation.
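The following Python sketch is an added example, not BlueLucy's own client code. It builds the Basic header, percent-encodes the refresh token for /api/users/token, and decides when the 5-minute bearer token is due for renewal. The query parameter name RefreshToken, the 30-second margin and the sample token are assumptions; the page does not state the parameter name.

```python
import base64
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

BEARER_LIFETIME = timedelta(minutes=5)  # from the page: bearer tokens expire after 5 minutes
REFRESH_PARAM = "RefreshToken"          # ASSUMED parameter name, not stated on the page


def basic_auth_header(username: str, password: str) -> dict:
    """Authorization header for GET /api/users/authorisation."""
    raw = f"{username}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}


def refresh_url(base_url: str, refresh_token: str, organisation_id: int = 1) -> str:
    """URL for GET /api/users/token with every reserved character percent-encoded."""
    query = urlencode(
        {REFRESH_PARAM: refresh_token, "OrganisationId": organisation_id},
        quote_via=quote,  # with urlencode's default safe='', '+', '/' and '=' become %XX
    )
    return f"{base_url.rstrip('/')}/api/users/token?{query}"


def needs_refresh(issued_at: datetime, now: datetime, margin_s: int = 30) -> bool:
    """True once the bearer token is within margin_s seconds of its 5-minute expiry."""
    return now >= issued_at + BEARER_LIFETIME - timedelta(seconds=margin_s)


if __name__ == "__main__":
    sample_token = "aB+c/dE9fG=="  # constructed sample containing URL-reserved characters
    print(basic_auth_header("username", "password"))
    print(refresh_url("https://yourblam.bluelucy.com", sample_token))
    issued = datetime.now(timezone.utc) - timedelta(minutes=4, seconds=45)
    print(needs_refresh(issued, datetime.now(timezone.utc)))
```

An unencoded "+" in a query string is decoded as a space on the receiving side, which is one way a pasted token ends up failing validation. Because the refresh token travels in the URL, keep it out of client-side logs and shell history.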