Use OAuth Authentication for access to the Bricsys 24/7 API

Overview

To enhance security and ensure seamless access to our platform, all external applications must authenticate using OAuth.

Depending on how your application interacts with our system, you should use one of the following OAuth flows:

  • Authorization Code Flow: if users need to log in to access their own data.
  • Client Credentials Flow: if the application acts independently, without user intervention.

This guide explains how to transition to OAuth and the information required to register your application with our identity provider.

Using Authorization Code Flow (For User-Based Access)

If your application requires users to authenticate and access their own data, you must implement the Authorization Code Flow.

Steps to implement
  1. Redirect users to our authorization server to request an authorization code.
  2. Users authenticate using their credentials.
  3. Your application exchanges the authorization code for an access token.
  4. The access token is then used to access our APIs on behalf of the user.

See also the Authorization Code Flow documentation.

Required information for OAuth client registration
To register your application, provide the following details:
  • Application Name: add a unique name to identify your app.
  • Description: add a description of your application's usage of the Bricsys 24/7 API.
  • Technical contact person: add a name and email.
  • Redirect URI(s): add the URL(s) where authorization responses will be sent.

Using Client Credentials Flow (For Machine-to-Machine Access)

If your application does not require user authentication and acts on its own (for example, background services, automated scripts), use the Client Credentials Flow.

Steps to implement
  1. Your application requests an access token directly from our authorization server using its client credentials.
  2. If authentication is successful, an access token is returned.
  3. The access token is used to interact with our APIs.

See also the Client Credentials Flow documentation.

Required information for OAuth client registration
To register your application, provide the following details:
  • Application Name: add a unique identifier for your app.
  • Description: add a description of your application's usage of the Bricsys 24/7 API.
  • Technical contact person: add a name and email.
  • Service account name: add the email address of the Bricsys 24/7 account that you intend to use as a service account.
    Note: You will not be able to log in using this account.

General OAuth Resources

For a deeper understanding of OAuth and its implementation, refer to the following resources:

Next Steps

  1. Choose the appropriate OAuth flow based on your application’s needs.
  2. Gather the required registration details.
  3. Contact our support team via a Support Request to submit your application details.
  4. Implement the authentication flow in your application.

If you need further assistance, fill in a Support Request in the Bricsys 24/7 > API & integration category or contact directly sales@bricsys247.com. We’re here to help!