Bottomline Enterprise Authentication API

APIs available in this service

Business Overview of Bottomline Enterprise Authentication API

OAuth 2.0 (Open Authorization) is an open standard for access delegation commonly used as a way for users to grant applications access to their information.

The OAuth API streamlines the process for clients to acquire OAuth 2.0 tokens, employing a range of grant types.
The diversity of grant types allows clients the flexibility to authenticate and retrieve access tokens in various ways.
Presently, the API specifically caters to the client credentials grant type.

Here's what you can do with our OAuth API

The OAuth API handles token generation through the URL endpoint oauth/v1/token.

The API response contains an OAuth 2.0 JWT access token that can be used to access the Bottomline API successfully. When generating an access token, it is imperative to specify the required scope in the API request. For comprehensive information on the appropriate scope, kindly refer to the Bottomline business API product documentation.

It's crucial to note that OAuth API tokens have a finite lifespan, and businesses should be mindful of token expiry to ensure uninterrupted access and security in their systems.

Overview of API offering

We prioritize the security of both Bottomline API and API clients, emphasizing OAuth 2.0 as our API security standard.

Our approach involves claim-based authorization, wherein Bottomline APIs make authorization decisions based on the JWT claims, ensuring a robust security framework for seamless interactions.

For more information on JSON Web Token.

Process Flow Diagram

 
[Figure: OAuth API process flow]

 

Use Cases

Use Case: Secure API Resource Access through OAuth 2.0 access tokens (client credentials grant type)

Access Token Request

The client or resource owner initiates the process by sending an access token request to the authorization server.
The request contains necessary credentials and scope for authentication.

Access Token Response

The Bottomline authorization server processes the request and authenticates the client. Upon successful validation, it responds with a JWT access token, accompanied by metadata such as token expiration and scope information.

Resource Request with Access Token

With the acquired access token, the client makes a subsequent request to the Bottomline business API.

Token Validation

The Bottomline business API receives the request, validates the provided access token, and ensures it is genuine and authorized for the requested actions.
If the access token is valid, the Bottomline business API will proceed to process the request.
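
The client side of the four steps above, as an added example (not Bottomline's own code): it builds the client credentials request for oauth/v1/token, caches the token, renews it shortly before expiry, and fails closed if the granted scope is narrower than requested. Assumptions: the server follows RFC 6749 (HTTP Basic client authentication; access_token, expires_in and scope in the response), the send transport is a hypothetical callable you supply, and the scope names are constructed.

```python
import base64
import time
import urllib.parse

TOKEN_PATH = "oauth/v1/token"  # endpoint path named on this page; the host is deployment-specific


def build_token_request(client_id, client_secret, scope):
    """Return (headers, body) for an RFC 6749 section 4.4 client credentials request.

    Assumption: credentials travel in an HTTP Basic header; confirm against the product docs.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({"grant_type": "client_credentials", "scope": scope})
    return headers, body


class TokenCache:
    """Caches one access token per scope and renews it shortly before expiry."""

    def __init__(self, client_id, client_secret, send, clock=time.monotonic, skew=30):
        self._id, self._secret = client_id, client_secret
        self._send = send      # hypothetical transport: send(path, headers, body) -> dict
        self._clock = clock
        self._skew = skew      # seconds of safety margin before the stated expiry
        self._tokens = {}      # scope -> (access_token, expires_at)

    def get(self, scope):
        cached = self._tokens.get(scope)
        if cached and self._clock() < cached[1] - self._skew:
            return cached[0]
        headers, body = build_token_request(self._id, self._secret, scope)
        resp = self._send(TOKEN_PATH, headers, body)
        # Fail closed if the server granted a narrower scope than requested.
        granted = set(resp.get("scope", scope).split())
        if not set(scope.split()) <= granted:
            raise PermissionError(f"requested scope not granted: {scope!r}")
        expires_at = self._clock() + int(resp["expires_in"])
        self._tokens[scope] = (resp["access_token"], expires_at)
        return resp["access_token"]

    def authorization_header(self, scope):
        """Header for the resource request to the business API."""
        return {"Authorization": f"Bearer {self.get(scope)}"}
```

Keep the client secret and cached tokens out of logs, and send both requests over TLS only.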

Please refer to the support page for further assistance or queries.