BarTender Cloud REST API Authentication Using Password-Based OAuth
Overview
BarTender Cloud offers password-based OAuth 2.0 with OpenID Connect (OIDC) for Console Applications and Services to gain access to the BarTender Cloud REST API. OAuth is an authentication mechanism which allows services to share data with third-party web apps.
While OAuth usually serves as an alternative to sharing login credentials and the security risks this entails (See here for more info), it can also be used in conjunction with username and password credentials. OIDC is an open authentication protocol that works on top of the OAuth 2.0 framework.
This article offers a detailed look at how OAuth works with usernames and passwords. As this is an advanced topic, this article is geared towards those individuals who are already familiar with or have advanced knowledge of this subject.
Applicable to
BarTender Cloud REST API
Auth0 API
Information
In order to use your credentials for Password-Based authentication, you will need to enable this for the corresponding BarTender Cloud account. Do this by following the steps below:
- Click on the hamburger menu and navigate to Manage Cloud Account > Users.
- Expand the user options by selecting the vertical ellipsis icon to the right of the user in question.
- Click Edit.
- Click the box next to Allow password-based API access to enable this feature.
- Click Save at the bottom.
Registering Your Application for Password-Based Access
Once you've enabled password-based API access for your User profile, it's time to register your application with BarTender Cloud.
- Open the hamburger menu in the upper-left corner of BarTender Cloud and select Manage Cloud Account.
- Select BarTender Cloud API in the left-hand toolbar.
- Click Register Application for Password-Based Access under Console Applications and Services (Password-Based).
- Complete the following fields and click Register:
  - Name: Specifies a name for the application or service. This is the "friendly" display name.
  - Description: Specifies an optional description for the application or service.
- Your newly registered application or service will be listed on the BarTender Cloud API property page.
- Completing registration will generate an Application ID and Application Secret. Click the vertical ellipsis icon to the right of your registered application and select View ID & Secret to view them.
These will be used alongside your BarTender Cloud username and password to generate your access token to make BarTender Cloud REST API calls. If you need to change the ID and Secret, you can do this by selecting the Rotate ID & Secret button as seen in the above Web Registration ID and Secret dialog.
OAuth Technical Details
BarTender Cloud uses the OAuth provider Auth0 to handle the authentication process and third-party applications must use their API in order to authenticate with BarTender Cloud.
BarTender Cloud offers Auth0's Resource Owner Password Flow for trusted applications which cannot make use of the Authorization Code Flow, which is described in more detail in this article.
OAuth Resource Owner Password Flow
Below is a step-by-step explanation of the Resource Owner Password flow when you try to authenticate with BarTender Cloud through a third-party console application or service (the Client) to access your tenant space:
- Select Login within the application and enter your credentials.
- Auth0's SDK forwards your credentials and the Application ID & Secret to the authorization server. The URLs for this are:
  - BarTender Cloud Americas and APJ environments: https://bartendercloud-production.us.auth0.com/oauth/token
  - BarTender Cloud EMEA environment: https://bartendercloud-production.eu.auth0.com/oauth/token
  - Application/Client ID used to identify your application - Generated when the application was registered in BarTender Cloud
  - Application/Client secret used to prove ownership of the ClientID - Generated when the application was registered in BarTender Cloud
- Your Auth0 Authorization Server validates the credentials, Application ID & Secret.
- Your Auth0 Authorization Server responds with an Access Token (and, optionally, a Refresh Token).
- The application can use the Access Token to call the API to access BarTender Cloud data and functions.
- The API responds with the requested data.
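The token request and response handling from the flow above, written in Python as an added example (not BarTender's or Auth0's own code). The form fields are the standard OAuth 2.0 password-grant parameters; the environment variable names are hypothetical, and any audience or scope value BarTender Cloud requires is not stated in this article and is left out.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Token endpoints as listed in this article.
TOKEN_URLS = {
    "us": "https://bartendercloud-production.us.auth0.com/oauth/token",  # Americas and APJ
    "eu": "https://bartendercloud-production.eu.auth0.com/oauth/token",  # EMEA
}

def build_token_request(region, username, password, client_id, client_secret):
    """Build the Resource Owner Password grant POST for the chosen region."""
    form = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    # Secrets travel in the POST body only, never in the URL where logs capture them.
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(
        TOKEN_URLS[region], data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None):
    """Validate the response; return (access_token, expiry_epoch, refresh_token)."""
    doc = json.loads(raw)
    if "error" in doc:
        # Surface only the OAuth error code; never echo the request back.
        raise PermissionError(doc["error"])
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc.get("expires_in", 0)), doc.get("refresh_token")

def fetch_token(region):
    """Read secrets from the environment (hypothetical names) and request a token."""
    env = os.environ
    req = build_token_request(region, env["BTC_USERNAME"], env["BTC_PASSWORD"],
                              env["BTC_CLIENT_ID"], env["BTC_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_token_response(resp.read())

def auth_header(access_token):
    """Header for subsequent BarTender Cloud REST API calls."""
    return {"Authorization": "Bearer " + access_token}
```

Keeping the username, password and Application Secret in the environment or a secrets manager rather than in source means that rotating the ID & Secret does not require a code change.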
Additional Resources
Support Articles:
- BarTender Cloud REST API Authentications and Tokens
- BarTender Cloud REST API Application Types
- BarTender Cloud REST API Authenticating Using OAuth