Authentication
Most API requests require authentication. BitBar supports authentication with an API key and access token.
Important Update: API Authentication
To align with our security framework enhancements, we will be discontinuing support for OAuth 2.0 password grant type. As a result, API calls using this method will trigger an authorization exception. We strongly advise our clients using OAuth 2.0 password grant type to transition to the API key method to ensure uninterrupted service. Guidance is available in our documentation to facilitate this transition.
API key
An API key is a secret token that you can find in your BitBar account settings:
Select > My Account in the top right corner.
Click the API tile in the My Integrations panel.
curl -u <api-key>: https://cloud.bitbar.com/api/me
You can later re-generate the API key to invalidate old scripts. To do this, click Reset API key, and then click Save.
![]() |
OAuth 2.0
OAuth 2.0 is an authorization method used to provide access to resources over the HTTP protocol.
Start a new session
curl -X POST https://cloud.bitbar.com/oauth/token -d 'client_id=testdroid-cloud-api&grant_type=password&username=EMAIL&password=PASSWORD'
Response body
{ "access_token":"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", "token_type":"bearer", "refresh_token":"yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy", "expires_in":1799, "scope":"read write" }
Refresh an existing session
curl -X POST https://cloud.bitbar.com/oauth/token -d 'client_id=testdroid-cloud-api&grant_type=refresh_token&refresh_token=REFRESH_TOKEN'
Response body
{ "access_token":"zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz", "token_type":"bearer", "refresh_token":"yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy", "expires_in":1799, "scope":"read write" }
Use an access token
curl "https://cloud.bitbar.com/api/me?access_token=ACCESS_TOKEN"