Skip to content

APP Server-Side Development

Get API Access Credential API

ItemExample
Request URLhttps://{domain}/api/oap/oauth/token
Request MethodPOST

Request Parameters

ParameterDescription
grant_typeFixed value client_credentials, OAuth client credentials mode
client_idclient_id assigned by the API provider
client_secretclient_secret assigned by the API provider

Request Example

json
{
    "grant_type": "client_credentials",
    "client_id": "ZUSQzclVGYF",
    "client_secret": "fnH5one7AmxPbl6ky6VHuFBNYQ88vAdvu0"
}

Response Parameters

ParameterReference
access_tokenAccess credential
token_typeToken type
expires_inValidity period
scopeOAuth 2.0 scope
id_tokenPermission information in JWT format

Response Example

json
{
    "access_token": "f7a815eb-c546-4052-b099-b554de1436c7",
    "token_type": "bearer",
    "expires_in": 764,
    "scope": "all",
    "id_token": "eyJraWQiOiJrMSIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJJc3N1ZXIiLC"
}

Exchange for ssoTicket API

ItemInterface URL
Request URL/api/oap/v1/SSO/session_ticket
Request MethodPOST

Request Parameters

Parameter NameDescriptionRequiredExample Value
sessionTokensessionToken is valid for up to 30 days and is used to exchange for ssoTicketYesr5ysOPTCBLU1
operatingSysVersionRequester User-AgentYesMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
device_ipTerminal device IPYes192.168.1.1
device_fingerprintTerminal device fingerprint (uniquely identifies the device)Yesqaws12fr45mjy7

Request Example

json
{
    "sessionToken": "NPb1iZc11TKmgiefSYWrFnvT2DBhFPIX",
    "operatingSysVersion": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36",
    "device_ip": "121.60.119.225",
    "device_fingerprint": "156aysdna213sc"
}

Response Parameters

Property NameSub-propertyParameter Description
codeReturn code. Success: 0
messageReturn message (records the failure reason when failed)
dataexpireRemaining validity time of ssoTicket, in seconds
ssoTicketssoTicket (used to obtain user information during in-app mini-program SSO)

Response Example

json
{
    "code": "0",
    "message": "success",
    "data": {
        "expire": 299,
        "ssoTicket": "ssoTicket-p2WBMUCXaOGSQDzzMPYdqLvKvZcAe0yC"
    }
}

Validate ssoTicket API

ItemInterface URL
Request URL/api/oap/v1/SSO/session_ticket-validate
Request MethodPOST

Request Parameters

Parameter NameDescriptionRequiredExample Value
ssoTicketSSO ticket, valid for 300 secondsYesssoTicket-p2WBM
operatingSysVersionRequester User-AgentYesMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
device_ipTerminal device IPYes192.168.1.1
device_fingerprintTerminal device fingerprint (uniquely identifies the device)Yesqaws12fr45mjy7

Request Example

json
{
    "ssoTicket": "ssoTicket-7Ddh7KhsBKBgPuN82IVHZVDc6DPm8Jxh",
    "operatingSysVersion": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36",
    "device_ip": "121.60.119.225",
    "device_fingerprint": "156aysdna213sc"
}

Response Parameters

Property NameSub-propertyParameter Description
codeReturn code. Success: 0
messageReturn message (records the failure reason when failed)
datauserInfoUser information

Response Example

json
{
	"code": "0",
	"message": "success",
	"data": {
		"userInfo": {
			"id": "20201119181527383-7B3B-0571E338A",
			"name": "lx4321",
			"userName": "lx4321",
			"mobile": "15907154321",
			"email": "1014321@qq.com",
			"age": 18,
			"gender": 0,
			"nick_name": "lxx",
			"head_url": "https://thirdwx.qlogo.cn/mmopen/vi_32/Q0j4TwGTfTKLb4AJez",
			"realStatus": "PERSONAL",
			"join_date": "2020-11-19T10:15:27.000Z"
		}
	}
}

Refresh sessionToken API

ItemInterface URL
Request URL/api/oap/v1/SSO/refreshSessionToken
Request MethodPOST

Request Parameters

Parameter NameDescriptionRequiredExample Value
sessionTokenOriginal sessionToken used to exchange for a new sessionTokenYesMkkp1xSB4Wqj3
operatingSysVersionRequester User-AgentYesMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212Safari/537.36
device_ipTerminal device IPYes192.168.1.1
device_fingerprintTerminal device fingerprint (uniquely identifies the device)Yesqaws12fr45mjy7

Request Example

json
{
	"sessionToken": "Yst40OUIo7zghBH3pFEniuSINGbLHzU3",
	"operatingSysVersion": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit / 537.36(KHTML, like Gecko) Chrome / 90.0 .4430 .212 Safari / 537.36 ",
	"device_ip ": "121.60 .119 .225 ",
	"device_fingerprint": "156aysdna213sc"
}

Response Parameters

Property NameSub-propertyParameter Description
codeReturn code. Success: 0
messageReturn message (records the failure reason when failed)
datasessionTokenSession token

Response Example

json
{
	"code": "0",
	"message": "success",
	"data": {
		"sessionToken": "lqIprZxbyUelLbn5Yos33o8TeVnoZJFH"
	}
}

Session Persistence

The sessionToken expiration time is configurable (see the Access Token validity period configuration). To maintain login status, the APP server is advised to refresh and synchronize the token proactively.

It is recommended to call the refresh API one day or three days before the sessionToken is about to expire, ensuring the sessionToken is always valid.

The above is only a suggestion; the caller can set the refresh time according to actual business scenarios.

BambooCloud IDaaS Open Platform