Skip to main content

App

An app access token allows app developers to perform actions on behalf of a bot account or a specific member in the community using Bettermode API. Bot accounts can perform all actions that a community admin can perform.

In order to generate app access token, first you should create an app.

note

Don't have an app yet? Follow the instructions here.

Generating access token

note

You can only generate and use app access token on communities that the app is published AND installed on. If the app is not installed in the community the following requests will result in Forbidden response.

You can generate an app access token using the following GraphQL query and basic HTTP authentication:

query {
  limitedToken(
    context:NETWORK, 
    networkId: "{networkId}", 
    entityId: "{networkId}", 
    impersonateMemberId: "{memberId}"
  ) {
    accessToken
  }
}

You should replace {networkId} with your community ID and {memberId} with the ID of the member that you want to perform API requests on behalf of. {clientId} and {clientSecret} in the POST request should be replaced with your App's client ID and client secret as well.

note

Not providing impersonateMemberId will will generate access token for a bot account.

A request with real values will look like:

query {
  limitedToken(
    context:NETWORK, 
    networkId: "CAx1mZ7I7a", 
    entityId: "CAx1mZ7I7a", 
    impersonateMemberId: "Dm12KzW34"
  ) {
    accessToken
  }
}

If your HTTP client doesn't support basic authentication using POST https://api.bettermode.com method, then you can provide the credentials in the Authorization header field instead:

  1. Join the client ID and client secret with a single colon (:).

  2. Encode the resulting string in base64 representation.

  3. Prepend the base64-encoded string with Basic and a space and send it as the Authorization header:

    Authorization: Basic YjkzZmE0NTItYTQ5ZGU5NTNlYTEwOmY3YTE0ZjFhN2ExN2E3ZTVmNzE3MjM4YWM2NDY4Zjdl
info

If your community is in the EU region (eu-central-1), you should use the EU graphql endpoint. Read more.

Using the generated access token

The limitedToken query results in the following response:

{
  "data": {
    "limitedToken": {
      "accessToken": "..."
    }
  }
}

You should pass the provided accessToken in all GraphQL requests in the header as followed:

Authorization: Bearer {accessToken}