Api Documentation

API Authentication

Overview

The BobPlus Africa API uses OAuth 2.0 authentication. You must obtain a Bearer Token using your Consumer Key and Consumer Secret before making any API requests. This ensures secure, authorized access to all endpoints.

Purpose: Secure API access using short-lived tokens.
Target Audience: Developers integrating with BobPlus Africa APIs.

Quickstart

Sign up for a BobPlus Africa Developer Account.
Get your Consumer Key and Consumer Secret from the dashboard.
Request a Bearer Token using the authentication endpoint.
Use the Bearer Token in the Authorization header for all API requests.

Authentication Endpoint

HTTP Method	POST
Endpoint URL	`/api/v2/auth/login`
Base URL	`https://prod-url-here`
Description	Obtain a Bearer Token using your Consumer Key and Secret.

Request Headers

Header	Type	Description	Required
Accept	string	application/json	Yes
Content-Type	string	application/json	Yes

Request Body

Field	Type	Description	Required
consumer_key	string	Your API consumer key	Yes
consumer_secret	string	Your API consumer secret	Yes

curl --location --request POST 'https://prod-url-here/api/v2/auth/login' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data-raw '{
    "consumer_secret": "XXXXXXXXXXXXXXXXXXXXXXXXXX",
    "consumer_key": "XXXXXXXXXXXXXXXXXXXX"
}'

Success Response

Field	Type	Description
success	boolean	Indicates if the request was successful
message	string	Response message
data.access_token	string	The Bearer Token
data.token_type	string	Token type ("bearer")
data.expires_in	integer	Token lifetime in seconds

{
    "success": true,
    "message": "Success",
    "data": {
        "access_token": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
        "token_type": "bearer",
        "expires_in": 3600
    }
}

The access_token must be included in all API requests in the following format:

Authorization: Bearer YOUR_ACCESS_TOKEN

Error Responses

Status Code	Example	Description
400	{"success": false, "message": "Invalid credentials."}	Bad Request
401	{"success": false, "message": "Unauthorized."}	Missing or invalid credentials
429	{"success": false, "message": "Rate limit exceeded."}	Too many requests
500	{"success": false, "message": "Internal server error."}	Server error

Security Best Practices

Keep your Consumer Key, Secret, and Bearer Token confidential.
Tokens expire after 3600 seconds (1 hour). Refresh as needed.
Rotate credentials regularly and revoke if compromised.
Use HTTPS for all API requests.

Support & Feedback

For help, contact support@bobplus.africa.
Feedback on this documentation? Let us know.

Terms of Use & Legal

By using this API, you agree to our Terms of Service and Privacy Policy. Do not share sensitive data or credentials.