Skip to main content


This API provides a signed access token using a shared secret between bridgekeeper and a third party application per integration. Once obtained, the token is valid for ten minutes. The third party application must send the token, along with the domain for which the data is requested, for accessing protected data APIs in bridgekeeper.


  1. A realm should exist in bridgekeeper.
  2. An integration should be created for this realm with a Secret Key setup. (There is no UI to do this setup so you will require platform teams help to set it up for you.)
  3. A realm mapping should be created between this realm and any other realm this realm's users should have access to data for (e.g. admin would have access to frontend users)
  4. The integration details (integration id and secret) should be shared with the client.


You can make a GET call to /admin/access-token/integrations/<id>?secret=<secret>

Sample CURL

curl -X GET \
http://<publisher-website-url>/api/v1/admin/access-token/integrations/<integration-id>?secret=<integration-secret> \
-H 'Host: localhost:8001'

publisher-website-url - Website url of publisher eg: integration-id - Id of the integration set up with bridgekeeper and third party application eg: Accesstype,Metype

Sample response with valid JWT token

Status: 200

Body: {"token": <new JWT token>}

Sample response with valid integration id but invalid secret

Status: 401

Sample response with valid secret but invalid integration id

Status: 404