API Authentication
The BioStar Air Cloud API uses Bearer token (JWT)-based authentication. You must obtain a token through the login process before calling the API, and include it in the Authorization header of every request.
API Base URLs
| Environment | Base URL |
|---|---|
| Demo | https://demo-afs-api.airfob.com/v1/ |
| Production - Europe | https://e-afs-api.airfob.com/v1/ |
| Production - Korea | https://a-afs-api.airfob.com/v1/ (for all non-EU customers) |
API login flow
Make API calls with Postman or programmatically.
Log in
-
Endpoint:
login -
Payload:
{
"username": "your_email",
"password": "your_password"
}
Returns a Bearer token (JWT).
Get account information
-
Endpoint:
getSelfAccounts -
Authorization: Bearer Token
Returns a list of accessible sites and accounts.
Log in to an account
-
Endpoint:
loginAccount -
Authorization: Bearer Token
Returns a site-specific token.
How to get a Bearer token from a web browser
You can obtain the Bearer token directly from your browser using the developer tools, without Postman.
Chrome/Edge (Windows or Mac)
-
In the web browser, press F12 or Ctrl/Cmd + Shift + I.
-
Go to the Network tab.
-
Refresh the page.
-
Search for API calls.
e.g.,
groups,login -
Click the request in the list.
-
Go to the Headers tab.
-
In the request headers, find
Authorization: Bearer .... -
Right-click the token and copy it.
Safari (Mac)
-
Enable the Developer menu. In Safari, go to Preferences → Advanced and check Show Develop menu.
-
Go to Develop → Show Web Inspector.
-
Go to the Network tab.
-
Refresh the page.
-
Filter and inspect API calls.
-
Copy the
Authorization: Bearertoken from the request headers.
A Bearer token copied from the browser can be reused in Postman. Always use the latest Bearer token.