Page Introduction

Onboarding step guide

This step gives implementation-level instructions for frontend engineers integrating authentication and protected Workshop calls.

  • Apply this step in your client API layer before feature work.
  • Use the examples directly in your local test environment.
  • Move to the next step only when this one is verified.

Onboarding Step 4

How to call protected endpoints using Bearer token

After sign-in, send the `access_token` as `Authorization: Bearer ...` on every Workshop endpoint protected by bearer auth.

Auth flow

  1. Call `POST /api/ws/auth/sign-in` with `x-api-key`.
  2. Store `access_token` securely in your app session/state layer.
  3. Send the token in the `Authorization` header for protected requests.
  4. When the token expires, call the refresh endpoint and update the token state.

Axios example

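```ts
import axios from "axios";

// Read configuration from the environment; the fallbacks are for local testing only.
const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";

async function getWorkshopData(email: string, password: string) {
  // Step 1: sign in. The sign-in call needs x-api-key but no bearer token yet.
  const signIn = await axios.post(
    BASE_URL + "/api/ws/auth/sign-in",
    { email, password },
    {
      headers: {
        "Content-Type": "application/json",
        "x-api-key": API_KEY,
      },
      withCredentials: true,
    },
  );

  const accessToken = signIn.data?.access_token;
  if (!accessToken) {
    // Fail here rather than sending "Bearer undefined" to a protected endpoint.
    throw new Error("Sign-in response did not include access_token");
  }

  // Step 3: protected requests carry both x-api-key and the bearer token.
  const workshop = await axios.get(BASE_URL + "/api/ws/shop?full=true", {
    headers: {
      "Content-Type": "application/json",
      "x-api-key": API_KEY,
      Authorization: "Bearer " + accessToken,
    },
  });

  return workshop.data;
}
```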

Common mistakes

  • Missing `x-api-key` even when the bearer token is set.
  • Expired token with no refresh handling.
  • Using tokens in the wrong environment (test token in production).
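
Step 4 of the auth flow and the "expired token" mistake above, as an added example that is not the project's own client code: a transport-agnostic wrapper that sends both headers on every request and, on a 401, refreshes once and retries once, with concurrent requests sharing one refresh call. `createProtectedClient`, `send` and `refresh` are hypothetical names; the page does not give the refresh endpoint's path, so it is injected as a callback, and treating 401 as the expiry signal is an assumption.

```typescript
// Added example, not the project's client. Names here are hypothetical.
type Req = { url: string; headers: Record<string, string> };
type Res = { status: number; data?: unknown };
type Send = (req: Req) => Promise<Res>; // e.g. a thin wrapper around axios

function createProtectedClient(opts: {
  apiKey: string;
  initialToken: string;
  send: Send;
  refresh: () => Promise<string>; // calls the refresh endpoint, resolves to the new access_token
}) {
  let token = opts.initialToken;
  let inFlight: Promise<string> | null = null;
  // Single-flight: concurrent 401s share one refresh call.
  const refreshOnce = (): Promise<string> => {
    if (!inFlight) {
      inFlight = opts.refresh().then(
        (t) => { token = t; inFlight = null; return t; },
        (e) => { inFlight = null; throw e; },
      );
    }
    return inFlight;
  };
  // Every protected request carries both x-api-key and the bearer token.
  const attempt = (url: string, t: string) =>
    opts.send({ url, headers: { "x-api-key": opts.apiKey, Authorization: "Bearer " + t } });

  return async function get(url: string): Promise<Res> {
    const used = token;
    const first = await attempt(url, used);
    if (first.status !== 401) return first; // assumption: 401 signals an expired token
    // If another request already refreshed, reuse its token instead of refreshing again.
    const fresh = token !== used ? token : await refreshOnce();
    return attempt(url, fresh); // retry once; a second 401 goes back to the caller
  };
}

// Constructed demo: fake transport that accepts only the token "fresh".
async function demo() {
  let refreshCalls = 0, missingKey = 0;
  const send: Send = async (req) => {
    if (req.headers["x-api-key"] !== "demo-key") missingKey++;
    return { status: req.headers["Authorization"] === "Bearer fresh" ? 200 : 401 };
  };
  const get = createProtectedClient({ apiKey: "demo-key", initialToken: "expired", send,
    refresh: async () => { refreshCalls++; return "fresh"; } });
  const results = await Promise.all([get("/api/ws/shop?full=true"), get("/api/ws/shop?full=true")]);
  return { statuses: results.map((r) => r.status), refreshCalls, missingKey };
}
```

If `refresh` itself rejects, the error propagates to every waiting caller and the next 401 starts a new refresh attempt.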