Authentication service for the Bonterra Network
This API provides OAuth2/OpenID Connect authentication, custom JWT claims, and user lifecycle event streams for the Bonterra ecosystem.
Get OpenID Connect discovery document containing metadata about the OAuth2/OpenID Connect provider configuration.
| issuer | string |
| authorization_endpoint | string |
| token_endpoint | string |
| userinfo_endpoint | string |
| jwks_uri | string |
| revocation_endpoint | string |
| scopes_supported | Array of strings |
| response_types_supported | Array of strings |
| grant_types_supported | Array of strings |
{- "scopes_supported": [
- "openid",
- "profile",
- "email",
- "offline_access"
], - "response_types_supported": [
- "code",
- "token",
- "id_token",
- "code token",
- "code id_token"
], - "grant_types_supported": [
- "authorization_code",
- "client_credentials",
- "refresh_token"
], - "subject_types_supported": [
- "public"
], - "id_token_signing_alg_values_supported": [
- "RS256"
], - "claims_supported": [
- "sub",
- "iss",
- "aud",
- "exp",
- "iat",
- "email",
- "name",
- "urn:bonterra:claims:bonterra_auth_id",
- "urn:bonterra:claims:is_bonterra_grants"
]
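}
Get public keys used for JWT signature verification. These keys rotate periodically for security. Verifiers should therefore select the key by the token's kid header, accept only the advertised RS256 algorithm, and re-fetch this key set when an unknown kid appears rather than caching a single key indefinitely.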
| keys | Array of objects |
{- "keys": [
- {
- "kty": "RSA",
- "use": "sig",
- "kid": "abc123",
- "n": "string",
- "e": "AQAB"
}
]
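}
Exchange authorization code, client credentials, or refresh token for access tokens. Returns JWT tokens with custom Bonterra claims. Because client_secret is required on every request, this endpoint is meant to be called from a server-side component; the secret should not be embedded in browser or mobile code.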
| grant_type required | string Enum: "authorization_code" "client_credentials" "refresh_token" OAuth2 grant type |
| client_id required | string Application client ID |
| client_secret required | string Application client secret |
| code | string Authorization code (for authorization_code grant) |
| redirect_uri | string Redirect URI (for authorization_code grant) |
| audience | string Target API audience |
| scope | string Requested scopes |
| refresh_token | string Refresh token (for refresh_token grant) |
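| access_token | string JWT access token containing custom Bonterra claims (as listed in claims_supported: urn:bonterra:claims:bonterra_auth_id, urn:bonterra:claims:is_bonterra_grants) |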
| id_token | string JWT ID token with user information |
| refresh_token | string Refresh token for getting new access tokens |
| token_type | string |
| expires_in | integer Token lifetime in seconds |
| scope | string Granted scopes |
grant_type=authorization_code&client_id=abc123xyz789&client_secret=secret123&code=auth_code_123456&redirect_uri=https%3A%2F%2Fmyapp.example.com%2Fcallback&audience=https%3A%2F%2Fapi.bonterra.network
{- "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyMyJ9.eyJpc3MiOiJodHRwczovL2F1dGguYm9udGVycmEubmV0d29yay8iLCJzdWIiOiJhdXRoMHw1MDdmMWY3N2JjZjg2Y2Q3OTk0MzkwMTEiLCJhdWQiOiJodHRwczovL2FwaS5ib250ZXJyYS5uZXR3b3JrIiwiZXhwIjoxNjcyNTMxMjAwLCJpYXQiOjE2NzI0NDQ4MDAsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwiLCJ1cm46Ym9udGVycmE6Y2xhaW1zOmJvbnRlcnJhX2F1dGhfaWQiOiJhMWIyYzNkNC1lNWY2LTc4OTAtYWJjZC1lZjEyMzQ1Njc4OTAiLCJ1cm46Ym9udGVycmE6Y2xhaW1zOmlzX2JvbnRlcnJhX2dyYW50cyI6dHJ1ZX0.signature_here",
- "id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjEyMyJ9.eyJpc3MiOiJodHRwczovL2F1dGguYm9udGVycmEubmV0d29yay8iLCJzdWIiOiJhdXRoMHw1MDdmMWY3N2JjZjg2Y2Q3OTk0MzkwMTEiLCJhdWQiOiJhYmMxMjN4eXo3ODkiLCJleHAiOjE2NzI1MzEyMDAsImlhdCI6MTY3MjQ0NDgwMCwibm9uY2UiOiJhYmMxMjMiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLCJuYW1lIjoiSm9obiBEb2UiLCJ1cm46Ym9udGVycmE6Y2xhaW1zOmJvbnRlcnJhX2F1dGhfaWQiOiJhMWIyYzNkNC1lNWY2LTc4OTAtYWJjZC1lZjEyMzQ1Njc4OTAiLCJ1cm46Ym9udGVycmE6Y2xhaW1zOmlzX2JvbnRlcnJhX2dyYW50cyI6dHJ1ZX0.id_signature_here",
- "refresh_token": "refresh_token_xyz123",
- "token_type": "Bearer",
- "expires_in": 86400,
- "scope": "openid profile email"
}
Revoke access or refresh tokens
| token required | string Token to revoke |
| client_id required | string |
| client_secret required | string |
{- "error": "invalid_request",
- "error_description": "Missing required parameter: client_id"
}
Get user information using a valid access token. Returns user profile with custom Bonterra claims.
| sub | string User ID |
| email | string <email> |
| email_verified | boolean |
| name | string |
| given_name | string |
| family_name | string |
| picture | string <uri> |
| updated_at | string <date-time> |
| urn:bonterra:claims:bonterra_auth_id | string <uuid> |
| urn:bonterra:claims:is_bonterra_grants | boolean |
{- "sub": "auth0|507f1f77bcf86cd799439011",
- "email": "user@example.com",
- "email_verified": true,
- "name": "John Doe",
- "given_name": "John",
- "family_name": "Doe",
- "updated_at": "2024-01-15T10:30:00.000Z",
- "urn:bonterra:claims:bonterra_auth_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
- "urn:bonterra:claims:is_bonterra_grants": true
}
List users (Auth0 Management API)
| per_page | integer [ 1 .. 100 ] Default: 25 Example: per_page=25 Number of results per page |
| page | integer >= 0 Default: 0 Page number (0-indexed) |
| q | string Example: q=email:"user@example.com" Search query using Lucene syntax. |
| users | Array of objects (User) |
| start | integer Starting index |
| limit | integer Number of results per page |
| length | integer Total number of users |
| total | integer Total count |
{- "users": [
- {
- "user_id": "auth0|507f1f77bcf86cd799439011",
- "email": "user1@example.com",
- "name": "John Doe",
- "app_metadata": {
- "bonterra_auth_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
- "is_bonterra_grants": true
}
}, - {
- "user_id": "auth0|607f1f77bcf86cd799439022",
- "email": "user2@example.com",
- "name": "Jane Smith",
- "app_metadata": {
- "bonterra_auth_id": "b2c3d4e5-f6g7-8901-bcde-f23456789012",
- "is_bonterra_grants": false
}
}
], - "start": 0,
- "limit": 25,
- "length": 2,
- "total": 150
}
Get user by ID (Auth0 Management API)
| userId required | string Example: auth0|507f1f77bcf86cd799439011 Auth0 user ID |
| user_id | string |
| email | string <email> |
| email_verified | boolean |
| name | string |
| given_name | string |
| family_name | string |
| picture | string |
| created_at | string <date-time> |
| updated_at | string <date-time> |
| app_metadata | object Bonterra-specific metadata |
| user_metadata | object User-editable metadata |
{- "user_id": "auth0|507f1f77bcf86cd799439011",
- "email": "user@example.com",
- "email_verified": true,
- "name": "John Doe",
- "given_name": "John",
- "family_name": "Doe",
- "created_at": "2024-01-01T12:00:00.000Z",
- "updated_at": "2024-01-15T10:30:00.000Z",
- "app_metadata": {
- "bonterra_auth_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
- "is_bonterra_grants": true,
- "organization_id": "org_12345",
- "roles": [
- "user",
- "grants_admin"
]
}, - "user_metadata": {
- "preferences": {
- "theme": "dark",
- "notifications": true
}, - "onboarding_completed": true
}
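}
Update user metadata (Auth0 Management API)
In the samples on this page app_metadata carries organization_id and roles, and only user_metadata is described as user-editable, so access to this operation should be limited to trusted back-end callers and app_metadata changes should be authorized and logged.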
| userId required | string Example: auth0|507f1f77bcf86cd799439011 Auth0 user ID |
| email | string <email> |
| name | string |
| given_name | string |
| family_name | string |
| app_metadata | object |
| user_metadata | object |
| user_id | string |
| email | string <email> |
| email_verified | boolean |
| name | string |
| given_name | string |
| family_name | string |
| picture | string |
| created_at | string <date-time> |
| updated_at | string <date-time> |
| app_metadata | object Bonterra-specific metadata |
| user_metadata | object User-editable metadata |
{- "name": "John Updated Doe",
- "app_metadata": {
- "bonterra_auth_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
- "is_bonterra_grants": true,
- "organization_id": "org_67890"
}, - "user_metadata": {
- "preferences": {
- "theme": "light",
- "notifications": false
}
}
}
{- "user_id": "auth0|507f1f77bcf86cd799439011",
- "email": "user@example.com",
- "email_verified": true,
- "name": "John Doe",
- "given_name": "John",
- "family_name": "Doe",
- "created_at": "2024-01-01T12:00:00.000Z",
- "updated_at": "2024-01-15T10:30:00.000Z",
- "app_metadata": {
- "bonterra_auth_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
- "is_bonterra_grants": true,
- "organization_id": "org_12345",
- "roles": [
- "user",
- "grants_admin"
]
}, - "user_metadata": {
- "preferences": {
- "theme": "dark",
- "notifications": true
}, - "onboarding_completed": true
}
}