What types of applications can make RESTful calls to the REST API? What are the differences?
BarTender Cloud REST API
There are two types of applications that can make REST API calls:
- Console Applications and Services - Insomnia, Postman, custom applications without a GUI
- Web Applications - custom or third party applications.
When making REST API calls, the application must send a token and be authorized before the API Gateway processes the calls.
While both types require a token to pass through the Security Gate, the method of obtaining the token differs.
Test Credentials Access Token
BarTender Cloud offers you a quick and easy way to get started with testing the REST API by generating a temporary access token. You can do so by following the below steps:
- Click on the Hamburger menu in the top left.
- Go to Manage Cloud Account > BarTender Cloud API.
- Click on View Access Token at the bottom.
- Click on the Copy Access Token button in the popup dialog and paste it into your application.
Web Applications (Authorization Code Flow)
Web applications are built in languages such as C# and act as a fully-functioning interface. As these are oftentimes third party applications and users may not wish to share their credentials directly with it, BarTender Cloud offers this OAuth 2.0 authentication method to allow the application to authenticate without having access to the credentials. These types of applications have extra steps to retrieve a token and ultimately pass through the Security Gate and make API calls. Here's a high-level look at the authorization process.
You can get more information on this authentication method by reading the following article: BarTender Cloud REST API Authenticating Using OAuth.
There are several examples of how to write a custom web app and how to spawn the authentication dialog. You can find them and more information in our BarTender Cloud Help here.
Console Applications and Services (Password-Based)
Console applications and services that cannot display a BarTender Cloud login dialog must use Password-based authentication. Applications that cannot display a GUI fall into this category. In addition, this method can be used for testing with applications like Insomnia or Postman as it is easier to implement.
The authorization process is a simplified version of the one for Authorization Code Flow above.
For more details on how this works you can check out the following article: BarTender Cloud REST API Authenticating Using Password-Based OAuth.