help/public-api.md at 80a0b17ac689afebb2f07a0b8e4fcc733ecfffb0

mirror of https://github.com/bitwarden/help synced 2025-12-06 00:03:30 +00:00

Files

David Choi 80a0b17ac6 Staging (#294 )

* jekyll redirect from

* Organizations rev (#262)

* Organizations revisions initial commit.

* API doc updates

* Fix absolute link causing build failure.

* Add import to org article, and downstream order changes.

* Bitwarden 101 videos: 1st steps toward proliferating these throughout /help.

* Added 'Create Your Account' article, which references B101 Videos.

* About SSO redirect & promote importing for orgs up the list

* Create Org FAQs & trim Feature FAQs accordingly.

* Image for Org FAQs

* Move 'About the Business Portal' to Orgs category, and re-order accordingly.

* Final edits.

* Dchoi/bootstrap upgrade (#264)

* bootstrap 4 upgrade and cleanup update gulp tasks

* bootstrap package updates

* renaming file convention

* general outline of help outline

* bitwarden help cleanup

* article cleanup

* article general styling complete

* bootstrap help page upgrades

* sidebar updates

* Dchoi/bootstrap upgrade (#267)

* bootstrap 4 upgrade and cleanup update gulp tasks

* bootstrap package updates

* renaming file convention

* general outline of help outline

* bitwarden help cleanup

* article cleanup

* article general styling complete

* bootstrap help page upgrades

* sidebar updates

* toc dynamic and more updates

* fix callout conditions

* sidebar collapse functionality added

* sidebar header toggle functionality

* sidebar article fixes

* Update sidebar.html

Fix sidebar Release Notes link.

* Update releasenotes.md

Remove unnecessary category tag.

* Delete release-notes.md

Remove unnecessary category.

* Update why-choose-bitwarden-for-your-team.md

Test table image differentiation

* Update why-choose-bitwarden-for-your-team.md

Second image differentiation test

* removed links from category breadcrumb and replaced with badges

Co-authored-by: fred_the_tech_writer <69817454+fschillingeriv@users.noreply.github.com>

2020-11-13 14:23:00 -08:00

5.5 KiB

Raw Blame History

layout, title, categories, featured, popular, tags, order

layout

title

Endpoints

Base URL

For Cloud-hosted, https://api.bitwarden.com.

For Self-hosted, https://your.domain.com/api.

Authentication Endpoints

For Cloud-hosted, https://identity.bitwarden.com/connect/token.

For Self-hosted, https://your.domain.com/identity/connect/token.

Authentication

The API uses bearer access tokens to authenticate with protected API endpoints. Bitwarden uses an OAuth2 Client Credentials{:target="_blank"} application request flow to grant bearer access tokens from the endpoint.

Authentication requests take client_id and client_secret as required parameters. client_id and client_secret can be obtained by an Owner from the Web Vault by navigating to the Settings tab → My Organization and scrolling down to the API Key section.

{% callout warning %} Your API key enables full access to your Organization. Keep your API key private. If you believe your API key has been compromised, select the Rotate API Key button on this screen. Active uses of your current API key will need to be reconfigured with the new key before use. {% endcallout %}

Bearer Access Tokens

To obtain a bearer access token, make a POST request with Content-Type: application/x-www-form-urlencoded with your client_id and client_secret to the Authentication Endpoint. When using the API for Organization Management, you will always use grant_type=client_credentials and scope=api.organization. For example:

curl -X POST \
  https://identity.bitwarden.com/connect/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=client_credentials&scope=api.organization&client_id=<ID>&client_secret=<SECRET>'

This request will result in the following response:

{
  "access_token": "<TOKEN>",
  "expires_in": 3600,
  "token_type": "Bearer"
}

In this response, 3600 represents the expiration value (in seconds), meaning this token is valid for 6 minutes after being issued. Making an API call with an expired token will return a 401 Unauthorized response code.

Content Types

The Bitwarden Public API communicates with application/json requests and responses, with one exception:

The Authentication Endpoint expects a application/x-www-form-urlencoded request, however will respond with application/json.

Sample Request

curl -X GET \
  https://api.bitwarden.com/public/collections \
  -H 'Authorization: Bearer <TOKEN>'

Where <TOKEN> is the value for the access_token: key in the obtained bearer access token.

This request will result in a response:

{
  "object": "list",
  "data": [
    {
      "object": "event",
      "type": 1000,
      "itemId": "string",
      "collectionId": "string",
      "groupId": "string",
      "policyId": "string",
      "memberId": "string",
      "actingUserId": "string",
      "date": "2020-11-04T15:01:21.698Z",
      "device": 0,
      "ipAddress": "xxx.xx.xxx.x"
    }
  ],
  "continuationToken": "string"
}

Status

Bitwarden has a public status page, where you can find information about service health and incidents for all services including the Public API.

Response Codes

The Bitwarden Public API uses conventional HTTP response codes to indicate the success or failure of an API request:

Status Code	Description
`200 OK`	Everything worked as expected.
`400 Bad Request`	The request was unacceptable, possibly due to missing or malformed parameter(s).
`401 Unauthorized`	The bearer access token was missing, invalid, or expired.
`404 Not Found`	The requested resource doesn't exist.
`429 Too Many Requests`	Too many requests hit the API too quickly. We recommend scaling back the number of requests.
`500, 502, 503, 504 Server Error`	Something went wrong on Bitwarden's end. These are rare, but Contact Us if they occur.

5.5 KiB Raw Blame History