LoginSign UpGet Demo
Get accountRequest Demo
DocumentationIntegrationsTools
BlogChangelogPricingLogin
Back

How to build a public Bonjoro integration: Building the Auth Flow

Aug 15, 20248 minute read

Hey there, fellow JavaScript enthusiast! Ready to dive into the world of Bonjoro integrations? Today, we're going to walk through building a rock-solid auth flow for your public Bonjoro integration. Buckle up, because we're about to make authentication both secure and smooth as butter.

Introduction

Bonjoro is an awesome tool for sending personalized video messages, and by building an integration, you're opening up a world of possibilities for your users. The cornerstone of any good integration is a robust auth flow. It's like the bouncer at an exclusive club – it keeps the riffraff out and lets the VIPs (your users) in with style.

Prerequisites

Before we jump in, make sure you've got:

  • Node.js installed (you're a JS dev, so I'm betting you do)
  • Your favorite code editor
  • Bonjoro API credentials (if you don't have these yet, hop over to Bonjoro's developer portal and grab 'em)

Setting up the project

Let's get this party started:

mkdir bonjoro-integration
cd bonjoro-integration
npm init -y
npm install express axios dotenv

Create a .env file for your secrets:

BONJORO_CLIENT_ID=your_client_id
BONJORO_CLIENT_SECRET=your_client_secret
REDIRECT_URI=http://localhost:3000/callback

Understanding Bonjoro's OAuth 2.0 flow

Bonjoro uses OAuth 2.0, which is like a fancy handshake between your app and Bonjoro. Here's the gist:

  1. Your app asks Bonjoro for permission
  2. User logs in and approves
  3. Bonjoro gives you a special code
  4. You trade that code for access tokens
  5. Use those tokens to make API requests

Implementing the auth flow

Initiating the authorization request

First, let's create a route to kick off the auth process:

const express = require('express');
const app = express();

app.get('/auth', (req, res) => {
  const authUrl = `https://app.bonjoro.com/oauth/authorize?client_id=${process.env.BONJORO_CLIENT_ID}&redirect_uri=${encodeURIComponent(process.env.REDIRECT_URI)}&response_type=code`;
  res.redirect(authUrl);
});

Handling the callback

Now, let's set up the callback to catch that sweet, sweet auth code:

app.get('/callback', async (req, res) => {
  const { code } = req.query;
  // We'll use this code in the next step
});

Exchanging the code for access tokens

Time to trade up! Let's exchange that code for some shiny access tokens:

const axios = require('axios');

// Inside your callback route
const tokenResponse = await axios.post('https://app.bonjoro.com/oauth/token', {
  grant_type: 'authorization_code',
  client_id: process.env.BONJORO_CLIENT_ID,
  client_secret: process.env.BONJORO_CLIENT_SECRET,
  code,
  redirect_uri: process.env.REDIRECT_URI
});

const { access_token, refresh_token } = tokenResponse.data;
// Store these tokens securely - we'll talk about this later

Implementing token refresh

Tokens don't last forever, so let's add a refresh mechanism:

async function refreshAccessToken(refresh_token) {
  const response = await axios.post('https://app.bonjoro.com/oauth/token', {
    grant_type: 'refresh_token',
    refresh_token,
    client_id: process.env.BONJORO_CLIENT_ID,
    client_secret: process.env.BONJORO_CLIENT_SECRET
  });
  return response.data.access_token;
}

Securing the auth flow

Security is sexy, so let's add some PKCE (Proof Key for Code Exchange) to our flow:

const crypto = require('crypto');

function generateCodeVerifier() {
  return crypto.randomBytes(32).toString('hex');
}

function generateCodeChallenge(verifier) {
  return crypto.createHash('sha256').update(verifier).digest('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
}

// Use these in your /auth route
const codeVerifier = generateCodeVerifier();
const codeChallenge = generateCodeChallenge(codeVerifier);
// Add code_challenge and code_challenge_method=S256 to your auth URL

Making authenticated requests to Bonjoro API

Now that we're all authenticated, let's make some API calls:

async function getBonjoroData(accessToken) {
  const response = await axios.get('https://app.bonjoro.com/api/v2/me', {
    headers: { Authorization: `Bearer ${accessToken}` }
  });
  return response.data;
}

Error handling and edge cases

Always be prepared! Let's add some error handling:

app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).send('Something broke! But don\'t worry, we\'re on it.');
});

Testing the auth flow

Testing is crucial, so let's set up a quick test:

const assert = require('assert');

async function testAuthFlow() {
  // Simulate the auth flow here
  // Assert expected outcomes
}

testAuthFlow().catch(console.error);

Conclusion

And there you have it! You've just built a secure, robust auth flow for your Bonjoro integration. You're now ready to start building out the rest of your integration and unleash the full power of Bonjoro in your app.

Remember, the auth flow is the foundation of your integration. With this solid base, you can now add all sorts of cool features. The sky's the limit!

Keep coding, stay curious, and don't forget to send some awesome video messages with Bonjoro. Happy integrating!

Ship integrations on autopilot

Get Demo
Resources
DocumentationIntegrationsAPI Integration GuidesBlogChangelogPricingSupport
Legal
Terms of ServicePrivacy PolicyGoogle API
© 2024 Playbook Software Inc.