BigID Authentication API

Authenticate against a BigID deployment using either username/password or a long-lived user token. Exchange a user token for a short-lived system token (JWT) used to authorize subsequent REST API calls.

BigID Authentication API is one of 7 APIs that BigID publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

This API exposes 1 machine-runnable capability that can be deployed as REST, MCP, or Agent Skill surfaces via Naftiko.

Tagged areas include Authentication, Sessions, and Tokens. The published artifact set on APIs.io includes API documentation, an OpenAPI specification, sample payloads, and 1 Naftiko capability spec.

OpenAPI Specification

bigid-authentication-api-openapi.yml
openapi: 3.0.3
info:
  title: BigID Authentication API
  description: >-
    Authenticate against a BigID deployment using either user credentials
    (username/password) or a long-lived user token. Exchange a user token for a
    short-lived system token (session token) used to authorize subsequent calls
    against the BigID REST API.
  version: '1.0'
  contact:
    name: BigID Support
    url: https://developer.bigid.com/
    email: [email protected]
  license:
    name: BigID Terms of Service
    url: https://bigid.com/terms/
servers:
  - url: https://sandbox.bigid.tools/api/v1
    description: BigID developer sandbox.
  - url: https://{deployment}.bigid.com/api/v1
    description: Customer-hosted BigID deployment.
    variables:
      deployment:
        default: tenant
        description: Tenant subdomain assigned by BigID.
tags:
  - name: Authentication
    description: User and token authentication operations.
paths:
  /sessions:
    post:
      tags:
        - Authentication
      operationId: createSession
      summary: Create A User Session
      description: >-
        Authenticate a user with username and password. Returns an auth_token
        that is used as a Bearer credential in subsequent requests.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SessionRequest'
      responses:
        '200':
          description: Session created.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SessionResponse'
        '401':
          description: Invalid credentials.
  /refresh-access-token:
    post:
      tags:
        - Authentication
      operationId: refreshAccessToken
      summary: Refresh Access Token
      description: >-
        Exchange a long-lived user token for a short-lived system token used to
        authorize calls against the BigID REST API. Pass the user token in the
        Authorization header.
      security:
        - BearerAuth: []
      responses:
        '200':
          description: System token issued.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        '401':
          description: Invalid user token.
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
  schemas:
    SessionRequest:
      type: object
      required:
        - username
        - password
      properties:
        username:
          type: string
          description: The BigID username.
        password:
          type: string
          description: The user's password.
    SessionResponse:
      type: object
      properties:
        success:
          type: boolean
        message:
          type: string
        auth_token:
          type: string
          description: JWT used to authorize subsequent API calls.
        username:
          type: string
        firstName:
          type: string
        permissions:
          type: array
          items:
            type: string
    TokenResponse:
      type: object
      properties:
        success:
          type: boolean
        systemToken:
          type: string
          description: Short-lived system token (JWT).