BSN.Cloud Breaking Changes

6min

brightsign changed the authentication server used by bsn cloud in 2024 to be able to support single sign on (sso), multi factor authentication (mfa), and other standard protocols such as openid connect, oauth 2 0, and saml existing users of our apis use the oauth2 “ resource owner password flow ” to obtain access and refresh tokens those tokens are used in each api call to get data as a result of changing the authentication server, we have implemented the oauth2 “ client credentials flow ” to allow customers to self serve their credentials (client id and secret) and to allow for more granular control of what the resulting tokens can do, improving security client credentials are used when clients (applications and services) want to obtain access on behalf of themselves rather than on behalf of a user for example, these credentials can be useful for background services that apply changes to the system in general rather than for a specific user the existing “ resource owner password flow ” approach will not work with the new “ client credentials flow ” workflow, so all customers that directly use our apis must update their existing code and scripts we will be decommissioning the legacy bsn cloud api token endpoint, some of our older apis, and older versions of brightauthor\ connected later in 2025 to give customers time to make the required changes the exact date of decommissioning will be communicated separately brightauthor\ connected version compatibility customers must upgrade to brightauthor\ connected version 1 59 or later to continue to be able to login to bsn cloud bsn cloud api deprecations the following apis and api endpoints should no longer be used alternative implementations are provided, as shown in the table below the legacy endpoints will be decommissioned later in 2025 type obsolete endpoints update to endpoint https //api bsn cloud/2022/06/rest/token https //api bsn cloud/2022/06/rest/token https //auth bsn cloud/realms/bsncloud/protocol/openid connect/token https //auth bsn cloud/realms/bsncloud/protocol/openid connect/token api https //api bsn cloud/2019/03/rest/ https //api bsn cloud/2019/03/rest/ https //api bsn cloud/2022/06/rest/ https //api bsn cloud/2022/06/rest/ api https //api bsn cloud/2020/07/rest/ https //api bsn cloud/2020/07/rest/ https //api bsn cloud/2022/06/rest/ https //api bsn cloud/2022/06/rest/ api https //api bsn cloud/2020/10/rest/ https //api bsn cloud/2020/10/rest/ https //api bsn cloud/2022/06/rest/ https //api bsn cloud/2022/06/rest/ api https //provision bsn cloud/rest device/v1 https //provision bsn cloud/rest device/v1 https //provision bsn cloud/rest device/v2 https //provision bsn cloud/rest device/v2 api https //provision bsn cloud/rest setup/v1 https //provision bsn cloud/rest setup/v1 https //provision bsn cloud/rest setup/v3 https //provision bsn cloud/rest setup/v3 api https //provision brightsignnetwork com https //provision brightsignnetwork com https //provision bsn cloud https //provision bsn cloud note that the existing upload api endpoint, https //api bsn cloud/upload/2019/03/rest/ , remains unchanged and will continue to work api workflow changes to obtain a new client id and secret, get access tokens, select a network, and use the api, see 2025 api usage guide docid\ hbyhyv8svq0u6bzhuv50 do not use the legacy token endpoint to get an access token ( https //api bsn cloud/2022/06/rest/token ), as this is being deprecated rotating client secrets see 2025 api usage guide docid\ hbyhyv8svq0u6bzhuv50 faq i use bsn cloud via ba\ connected only do i need to do anything? no, these changes only affect bsn cloud users that access apis directly with code or scripts i use bsn cloud via the apis using scripts only, do i have to do this? yes, you must make the changes described above if you do not, your scripts will cease to function i use bsn cloud via the apis using code, do i have to do this? yes, you must make the changes described above if you do not, your code will cease to function what is the deadline for this? when will the legacy apis and token endpoints be decommissioned? the apis and token endpoints will be decommissioned later in 2025 we will be proactively monitoring the usage of the endpoints to determine the appropriate time to do this how will the decommissioning date be communicated? we will contact all our customers via email and their account managers where applicable there will be several communications up until the decommissioning date how do i obtain a new client id and secret? you will need to use the new brightsign admin panel to create a new application to obtain a new client id and secret how do i know what scopes to allocate to my application? for information about what scopes are required for each api call, see the bsn cloud main apis docid\ goemci9nmvgakttr5qcjs how long does the new access token lifetime last? 5 minutes 30 seconds how long does network session lifetime last? 24 hours are refresh tokens supported? no, refresh tokens are no longer supported with the oauth2 “ client credentials flow ” can i still use the old legacy api token endpoint with a new client id and secret? you should not do this, although it will work the legacy api token endpoint will cease to work later in 2025 what if i suspect my client secret has been compromised? you should use the new admin panel to rotate the secret and then continue to use the old secret until it no longer works, then use the new secret are there other ways to handle a compromised client secret? yes, you can simply delete the application this will destroy the existing client id and secret you can create another application to obtain a new client id and secret do client secrets expire? yes, client secrets expire every 180 days you should rotate them automatically or manually on or before they expire further information for further information contact support\@brightsign biz mailto\ support\@brightsign biz