> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://docs.bizmail-delivery.bizfly.vn/llms.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.bizmail-delivery.bizfly.vn/_mcp/server. # Token POST https://api/1.0/auth/token Content-Type: multipart/form-data # BizMail API 1.0 — Authentication --- ## 🇬🇧 English > **Note:** Username and password are generated in the **BizMail Portal**. Please log in to your account at the portal to obtain your credentials before calling these APIs. --- ### 1\. Generate Token **`POST /api/1.0/auth/token`** Generate a JWT access token and refresh token using your BizMail Portal credentials. #### Headers | Key | Value | Required | | --- | --- | --- | | Content-Type | application/json | ✅ | #### Body (JSON) | Field | Type | Required | Description | | --- | --- | --- | --- | | username | string | ✅ | Username created in BizMail Portal | | password | string | ✅ | Password created in BizMail Portal | #### Example Request ``` json { "username": "user@example.com", "password": "your_password" } ``` #### Responses **200 OK — Success** ``` json { "success": true, "access_token": "", "refresh_token": "", "token_type": "Bearer", "expires_in": 86400 } ``` | Field | Type | Description | | --- | --- | --- | | access_token | string | JWT token for API authentication. Expires in **1 day** | | refresh_token | string | Token used to renew the access token. Expires in **90 days** | | token_type | string | Always `Bearer` | | expires_in | integer | Access token lifetime in seconds (86400 = 1 day) | **400 Bad Request** ``` json { "success": false, "message": "username and password are required" } ``` **401 Unauthorized** ``` json { "success": false, "message": "Invalid credentials" } ``` **500 Internal Server Error** ``` json { "success": false, "message": "Internal server error" } ``` --- ### 2\. Refresh Token **`POST /api/1.0/auth/refresh`** Use the `refresh_token` to get a new pair of access token and refresh token without re-entering credentials. #### Headers | Key | Value | Required | | --- | --- | --- | | Content-Type | application/json | ✅ | #### Body (JSON) | Field | Type | Required | Description | | --- | --- | --- | --- | | refresh_token | string | ✅ | The refresh token received from `/auth/token` | #### Example Request ``` json { "refresh_token": "" } ``` #### Responses **200 OK — Success** ``` json { "success": true, "access_token": "", "refresh_token": "", "token_type": "Bearer", "expires_in": 86400 } ``` **400 Bad Request** ``` json { "success": false, "message": "refresh_token is required" } ``` **401 Unauthorized — Token expired** ``` json { "success": false, "message": "Refresh token expired" } ``` **401 Unauthorized — Invalid token** ``` json { "success": false, "message": "Invalid refresh token" } ``` --- ### Usage Flow ``` 1. Call POST /api/1.0/auth/token → get access_token + refresh_token 2. Use access_token in all API requests: Authorization: Bearer 3. When access_token expires (after 1 day): Call POST /api/1.0/auth/refresh → get new access_token + refresh_token 4. When refresh_token expires (after 90 days): Repeat step 1 ``` --- --- ## 🇻🇳 Tiếng Việt > **Lưu ý:** Username và password được tạo trên **BizMail Portal**. Vui lòng đăng nhập vào tài khoản của bạn trên portal để lấy thông tin đăng nhập trước khi gọi các API này. --- ### 1\. Lấy Token **`POST /api/1.0/auth/token`** Tạo JWT access token và refresh token từ thông tin đăng nhập trên BizMail Portal. #### Headers | Key | Value | Bắt buộc | | --- | --- | --- | | Content-Type | application/json | ✅ | #### Body (JSON) | Tham số | Kiểu | Bắt buộc | Mô tả | | --- | --- | --- | --- | | username | string | ✅ | Username được tạo trên BizMail Portal | | password | string | ✅ | Password được tạo trên BizMail Portal | #### Ví dụ Request ``` json { "username": "user@example.com", "password": "your_password" } ``` #### Responses **200 OK — Thành công** ``` json { "success": true, "access_token": "", "refresh_token": "", "token_type": "Bearer", "expires_in": 86400 } ``` | Trường | Kiểu | Mô tả | | --- | --- | --- | | access_token | string | JWT token dùng để xác thực API. Hết hạn sau **1 ngày** | | refresh_token | string | Token dùng để gia hạn access token. Hết hạn sau **90 ngày** | | token_type | string | Luôn là `Bearer` | | expires_in | integer | Thời hạn access token tính bằng giây (86400 = 1 ngày) | **400 Bad Request** ``` json { "success": false, "message": "username and password are required" } ``` **401 Unauthorized** ``` json { "success": false, "message": "Invalid credentials" } ``` **500 Internal Server Error** ``` json { "success": false, "message": "Internal server error" } ``` --- ### 2\. Refresh Token **`POST /api/1.0/auth/refresh`** Dùng `refresh_token` để lấy cặp token mới mà không cần nhập lại username/password. #### Headers | Key | Value | Bắt buộc | | --- | --- | --- | | Content-Type | application/json | ✅ | #### Body (JSON) | Tham số | Kiểu | Bắt buộc | Mô tả | | --- | --- | --- | --- | | refresh_token | string | ✅ | Refresh token nhận được từ `/auth/token` | #### Ví dụ Request ``` json { "refresh_token": "" } ``` #### Responses **200 OK — Thành công** ``` json { "success": true, "access_token": "", "refresh_token": "", "token_type": "Bearer", "expires_in": 86400 } ``` **400 Bad Request** ``` json { "success": false, "message": "refresh_token is required" } ``` **401 Unauthorized — Token hết hạn** ``` json { "success": false, "message": "Refresh token expired" } ``` **401 Unauthorized — Token không hợp lệ** ``` json { "success": false, "message": "Invalid refresh token" } ``` --- ### Luồng sử dụng ``` 1. Gọi POST /api/1.0/auth/token → nhận access_token + refresh_token 2. Dùng access_token cho tất cả API request: Authorization: Bearer 3. Khi access_token hết hạn (sau 1 ngày): Gọi POST /api/1.0/auth/refresh → nhận access_token + refresh_token mới 4. Khi refresh_token hết hạn (sau 90 ngày): Lặp lại bước 1 ``` Reference: https://docs.bizmail-delivery.bizfly.vn/biz-mail-delivery/auth/token ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: collection version: 1.0.0 paths: /api/1.0/auth/token: post: operationId: token summary: Token description: >- # BizMail API 1.0 — Authentication --- ## 🇬🇧 English > **Note:** Username and password are generated in the **BizMail Portal**. Please log in to your account at the portal to obtain your credentials before calling these APIs. --- ### 1\. Generate Token **`POST /api/1.0/auth/token`** Generate a JWT access token and refresh token using your BizMail Portal credentials. #### Headers | Key | Value | Required | | --- | --- | --- | | Content-Type | application/json | ✅ | #### Body (JSON) | Field | Type | Required | Description | | --- | --- | --- | --- | | username | string | ✅ | Username created in BizMail Portal | | password | string | ✅ | Password created in BizMail Portal | #### Example Request ``` json { "username": "user@example.com", "password": "your_password" } ``` #### Responses **200 OK — Success** ``` json { "success": true, "access_token": "", "refresh_token": "", "token_type": "Bearer", "expires_in": 86400 } ``` | Field | Type | Description | | --- | --- | --- | | access_token | string | JWT token for API authentication. Expires in **1 day** | | refresh_token | string | Token used to renew the access token. Expires in **90 days** | | token_type | string | Always `Bearer` | | expires_in | integer | Access token lifetime in seconds (86400 = 1 day) | **400 Bad Request** ``` json { "success": false, "message": "username and password are required" } ``` **401 Unauthorized** ``` json { "success": false, "message": "Invalid credentials" } ``` **500 Internal Server Error** ``` json { "success": false, "message": "Internal server error" } ``` --- ### 2\. Refresh Token **`POST /api/1.0/auth/refresh`** Use the `refresh_token` to get a new pair of access token and refresh token without re-entering credentials. #### Headers | Key | Value | Required | | --- | --- | --- | | Content-Type | application/json | ✅ | #### Body (JSON) | Field | Type | Required | Description | | --- | --- | --- | --- | | refresh_token | string | ✅ | The refresh token received from `/auth/token` | #### Example Request ``` json { "refresh_token": "" } ``` #### Responses **200 OK — Success** ``` json { "success": true, "access_token": "", "refresh_token": "", "token_type": "Bearer", "expires_in": 86400 } ``` **400 Bad Request** ``` json { "success": false, "message": "refresh_token is required" } ``` **401 Unauthorized — Token expired** ``` json { "success": false, "message": "Refresh token expired" } ``` **401 Unauthorized — Invalid token** ``` json { "success": false, "message": "Invalid refresh token" } ``` --- ### Usage Flow ``` 1. Call POST /api/1.0/auth/token → get access_token + refresh_token 2. Use access_token in all API requests: Authorization: Bearer 3. When access_token expires (after 1 day): Call POST /api/1.0/auth/refresh → get new access_token + refresh_token 4. When refresh_token expires (after 90 days): Repeat step 1 ``` --- --- ## 🇻🇳 Tiếng Việt > **Lưu ý:** Username và password được tạo trên **BizMail Portal**. Vui lòng đăng nhập vào tài khoản của bạn trên portal để lấy thông tin đăng nhập trước khi gọi các API này. --- ### 1\. Lấy Token **`POST /api/1.0/auth/token`** Tạo JWT access token và refresh token từ thông tin đăng nhập trên BizMail Portal. #### Headers | Key | Value | Bắt buộc | | --- | --- | --- | | Content-Type | application/json | ✅ | #### Body (JSON) | Tham số | Kiểu | Bắt buộc | Mô tả | | --- | --- | --- | --- | | username | string | ✅ | Username được tạo trên BizMail Portal | | password | string | ✅ | Password được tạo trên BizMail Portal | #### Ví dụ Request ``` json { "username": "user@example.com", "password": "your_password" } ``` #### Responses **200 OK — Thành công** ``` json { "success": true, "access_token": "", "refresh_token": "", "token_type": "Bearer", "expires_in": 86400 } ``` | Trường | Kiểu | Mô tả | | --- | --- | --- | | access_token | string | JWT token dùng để xác thực API. Hết hạn sau **1 ngày** | | refresh_token | string | Token dùng để gia hạn access token. Hết hạn sau **90 ngày** | | token_type | string | Luôn là `Bearer` | | expires_in | integer | Thời hạn access token tính bằng giây (86400 = 1 ngày) | **400 Bad Request** ``` json { "success": false, "message": "username and password are required" } ``` **401 Unauthorized** ``` json { "success": false, "message": "Invalid credentials" } ``` **500 Internal Server Error** ``` json { "success": false, "message": "Internal server error" } ``` --- ### 2\. Refresh Token **`POST /api/1.0/auth/refresh`** Dùng `refresh_token` để lấy cặp token mới mà không cần nhập lại username/password. #### Headers | Key | Value | Bắt buộc | | --- | --- | --- | | Content-Type | application/json | ✅ | #### Body (JSON) | Tham số | Kiểu | Bắt buộc | Mô tả | | --- | --- | --- | --- | | refresh_token | string | ✅ | Refresh token nhận được từ `/auth/token` | #### Ví dụ Request ``` json { "refresh_token": "" } ``` #### Responses **200 OK — Thành công** ``` json { "success": true, "access_token": "", "refresh_token": "", "token_type": "Bearer", "expires_in": 86400 } ``` **400 Bad Request** ``` json { "success": false, "message": "refresh_token is required" } ``` **401 Unauthorized — Token hết hạn** ``` json { "success": false, "message": "Refresh token expired" } ``` **401 Unauthorized — Token không hợp lệ** ``` json { "success": false, "message": "Invalid refresh token" } ``` --- ### Luồng sử dụng ``` 1. Gọi POST /api/1.0/auth/token → nhận access_token + refresh_token 2. Dùng access_token cho tất cả API request: Authorization: Bearer 3. Khi access_token hết hạn (sau 1 ngày): Gọi POST /api/1.0/auth/refresh → nhận access_token + refresh_token mới 4. Khi refresh_token hết hạn (sau 90 ngày): Lặp lại bước 1 ``` tags: - subpackage_auth responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/Auth_Token_Response_200' '401': description: Unauthorized content: application/json: schema: $ref: >- #/components/schemas/PostApi1.0AuthTokenRequestUnauthorizedError requestBody: content: multipart/form-data: schema: type: object properties: username: type: string password: type: string required: - username - password servers: - url: https:/ description: https://{uri} components: schemas: Auth_Token_Response_200: type: object properties: success: type: boolean access_token: type: string refresh_token: type: string token_type: type: string expires_in: type: integer required: - success - access_token - refresh_token - token_type - expires_in title: Auth_Token_Response_200 PostApi1.0AuthTokenRequestUnauthorizedError: type: object properties: success: type: boolean message: type: string required: - success - message title: PostApi1.0AuthTokenRequestUnauthorizedError ``` ## Examples **Request** ```json { "username": "string", "password": "string" } ``` **Response** ```json { "success": true, "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiNjFkNjRlMmYyMTE5MjkzODM3M2JmMWYyIiwidXNlcm5hbWUiOiJiaXpmbHkiLCJkb21haW5fdXVpZCI6ImRmY2FlYjg2LWY0OWMtNGM4Ni04NjFmLWVlNjRkNWIyZTI0NSIsInR5cGUiOiJhY2Nlc3MiLCJpYXQiOjE3NzYwOTgzMDMsImV4cCI6MTc3NjE4NDcwM30.jxH1mqJpviCthYqtdy9ocH5nAkQ0H_DMqZCAXwmGVHc", "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoiNjFkNjRlMmYyMTE5MjkzODM3M2JmMWYyIiwidXNlcm5hbWUiOiJiaXpmbHkiLCJkb21haW5fdXVpZCI6ImRmY2FlYjg2LWY0OWMtNGM4Ni04NjFmLWVlNjRkNWIyZTI0NSIsInR5cGUiOiJyZWZyZXNoIiwiaWF0IjoxNzc2MDk4MzAzLCJleHAiOjE3ODM4NzQzMDN9.ptaZfFkN2-bkxPDXUcQu_PXKTFCXsuhe6O7wZMXb_D", "token_type": "Bearer", "expires_in": 86400 } ``` **SDK Code** ```python Auth_Token_example import requests url = "https://https/api/1.0/auth/token" payload = "-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\nstring\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\nstring\r\n-----011000010111000001101001--\r\n" headers = {"Content-Type": "multipart/form-data; boundary=---011000010111000001101001"} response = requests.post(url, data=payload, headers=headers) print(response.json()) ``` ```javascript Auth_Token_example const url = 'https://https/api/1.0/auth/token'; const form = new FormData(); form.append('username', 'string'); form.append('password', 'string'); const options = {method: 'POST'}; options.body = form; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go Auth_Token_example package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://https/api/1.0/auth/token" payload := strings.NewReader("-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\nstring\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\nstring\r\n-----011000010111000001101001--\r\n") req, _ := http.NewRequest("POST", url, payload) res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby Auth_Token_example require 'uri' require 'net/http' url = URI("https://https/api/1.0/auth/token") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Post.new(url) request.body = "-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\nstring\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\nstring\r\n-----011000010111000001101001--\r\n" response = http.request(request) puts response.read_body ``` ```java Auth_Token_example import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.post("https://https/api/1.0/auth/token") .body("-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\nstring\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\nstring\r\n-----011000010111000001101001--\r\n") .asString(); ``` ```php Auth_Token_example request('POST', 'https://https/api/1.0/auth/token', [ 'multipart' => [ [ 'name' => 'username', 'contents' => 'string' ], [ 'name' => 'password', 'contents' => 'string' ] ] ]); echo $response->getBody(); ``` ```csharp Auth_Token_example using RestSharp; var client = new RestClient("https://https/api/1.0/auth/token"); var request = new RestRequest(Method.POST); request.AddParameter("undefined", "-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\nstring\r\n-----011000010111000001101001\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\nstring\r\n-----011000010111000001101001--\r\n", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift Auth_Token_example import Foundation let parameters = [ [ "name": "username", "value": "string" ], [ "name": "password", "value": "string" ] ] let boundary = "---011000010111000001101001" var body = "" var error: NSError? = nil for param in parameters { let paramName = param["name"]! body += "--\(boundary)\r\n" body += "Content-Disposition:form-data; name=\"\(paramName)\"" if let filename = param["fileName"] { let contentType = param["content-type"]! let fileContent = String(contentsOfFile: filename, encoding: String.Encoding.utf8) if (error != nil) { print(error as Any) } body += "; filename=\"\(filename)\"\r\n" body += "Content-Type: \(contentType)\r\n\r\n" body += fileContent } else if let paramValue = param["value"] { body += "\r\n\r\n\(paramValue)" } } let request = NSMutableURLRequest(url: NSURL(string: "https://https/api/1.0/auth/token")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```