Overview
With API Access, Bliro administrators can set up secure, programmatic access to the Bliro platform. This feature allows you to retrieve call information for all organization members using OAuth 2.0 client credentials. This article explains how to:
Create a Client Application in Bliro.
Obtain a Client ID and Client Secret.
Generate a new access token.
Use that token to retrieve call data from your organization.
Placeholder for an overview image
(Insert a diagram or screenshot illustrating how API Access fits into the Bliro ecosystem.)
Creating a New Client Application
1. Navigate to the Admin Dashboard
Go to API Access Settings
Ensure you have the appropriate admin permissions.
2. Click “Create Client Application”
3. Save
Once saved, a Client ID and Client Secret will be generated for you.
Important:
Keep your Client Secret secure. Anyone with this information can request an access token on your behalf.
You can rotate or revoke these credentials as needed for enhanced security.
Generating an Access Token
Once you have your Client ID and Client Secret, you can request an access token from Bliro’s authorization server. Bliro uses the OAuth 2.0 Client Credentials grant type to issue tokens.
Open a terminal or a REST client (e.g., Insomnia, Postman).
Run the following cURL command (or an equivalent HTTP POST request):
curl --request POST \
--url https://accounts.bliro.io/oauth/token \
--header 'Content-Type: application/json' \
--data '{
"grant_type": "client_credentials",
"audience": "https://api.bliro.io",
"client_id": "CLIENTID",
"client_secret": "CLIENTSECRET"
}'
Replace:
CLIENTID with your actual Client ID.
CLIENTSECRET with your actual Client Secret.
Upon success, the response will include an access_token field and an expires_in field. Store the token securely.
Current Scope and Limitations
At present, the newly created application automatically has one scope:
org:calls:read
This scope gives you the ability to retrieve call records for all users in your organization. You can apply filters to narrow down the data you need. To learn more about retrieving calls, see our API documentation.
Note: Scopes cannot be customized yet. Future updates will allow administrators to select granular permissions.
Making API Requests
When calling the Bliro API, include the access token in the Authorization header as a Bearer token. For example:
curl --request GET \
--url https://api.bliro.io/v3/calls \
--header 'Authorization: Bearer ACCESS_TOKEN'
Where ACCESS_TOKEN is the token obtained in the previous step.
Troubleshooting
Invalid Credentials: If you receive an invalid_client error, double-check the Client ID and Client Secret.
Expired Token: If your token has expired, you’ll need to request a new one using the same Client ID and Client Secret.
Insufficient Permissions: Currently, only org:calls:read scope is available. If you need additional scopes, stay tuned for upcoming feature releases or contact our Support.
Frequently Asked Questions (FAQ)
Q: Can I limit the scope to specific teams or users?
A: Not at the moment. The API Access feature currently grants access to all calls within an organization. Future enhancements will allow more granular scopes.
Q: How do I filter calls by date, user, or other parameters?
A: Refer to our documentation for retrieving calls, which details the query parameters you can use to filter calls.
Q: What if I need to revoke a token immediately?
A: You can delete your Client Secret from the Admin Dashboard. This renders any previously issued tokens invalid.
Next Steps
Rotate Credentials Regularly: Protect your Client Secret by recreating the client applicaion periodically.
Secure Token Storage: Store tokens securely and never commit them to version control.