API

Appearance

Obtaining API credentials

API access in iBinder is granted through API clients, which use the OAuth 2.0 client credentials flow. Each client belongs to a single organization and authenticates with a client_id and client_secret. This page walks through how an organization owner creates and manages those credentials.

For details on exchanging the credentials for a token, see Authentication.

By the end of this page you will have the three values every API call needs:

  • an organization id (sent on every request as x-ibinder-tenantid),
  • a client id, and
  • a client secret.

Before you start

API clients are not enabled by default. To get started:

  1. Contact iBinder support and ask them to enable API clients for your organization.
  2. Once enabled, organization owners will see a new API klienter page in the organization's left-hand menu.

Only organization owners can create or manage API clients.

How API clients work

  • Client credentials. Each client authenticates with a client_id and client_secret against signin.ibinder.com.
  • Scoped to one organization. A client only has access to the organization it was created in — it cannot reach data in other organizations on the same tenant.
  • Organization-wide. Within that organization, the client has access to all projects and resources. There is no per-project or per-resource scoping.
  • Role-based access. Each client is assigned one of three roles:
    • Reader (Läsare) — read-only access.
    • Creator (Skapare) — read and create.
    • Admin — full management access.

The labels in parentheses are the Swedish strings you will see in the current iBinder UI.

Choose the lowest role that satisfies the integration's needs.

Find your organization id

Every API request must carry an x-ibinder-tenantid header. The value to send is your Organisations id — a GUID that iBinder shows in the organization overview.

To find it:

  1. Open your organization in iBinder.
  2. Open the onboarding panel from the overview page (top-right of Översikt).
  3. Copy the value under Organisations id with the copy button next to it.

Finding the organization id in the iBinder UI

The same GUID appears in the URL after /organization/ when you're on the overview page, so you can also copy it from the address bar.

Terminology

In the API this value is called the tenant id (because of the x-ibinder-tenantid header), but in the UI it is labelled Organisations id. They are the same value.

Create an API client

1. Open the API clients page

In your organization, select API klienter ("API clients") from the left-hand menu. The page lists existing clients and lets you create new ones. The first time you visit, the list is empty.

Empty API clients list

2. Open the create dialog

Click Create client (Skapa klient) in the top-right corner to open the create-client dialog.

Create API client dialog

Fill in:

  • Name (Namn) — a descriptive name for the client (e.g. the name of the integration or system that will use it).
  • Role (Roll) — the role the client should have in this organization (Läsare, Skapare or Admin).

Click Create client (Skapa klient) to create the client.

3. Copy the client secret

After creation, iBinder shows the new client secret in a confirmation dialog.

New secret revealed

This is the only time the secret is shown

The client secret cannot be retrieved later. Copy it now and store it in a secure secret store (e.g. a password manager or your platform's secret manager).

If you lose the secret, you can reset the key to generate a new one — the old secret will stop working immediately.

Click Close (Stäng) to close the dialog.

4. Retrieve the client id

The client now appears in the API clients list. From this view you can copy the Client Id (Klient Id) at any time using the copy button next to it.

Client list with new client

You now have all three values you need to call the API: the organization id from earlier, the client id from the list, and the client secret you just copied. See Authentication for the token request and how to call the API, or jump straight to the Quickstart for an end-to-end example.

Manage API clients

From the API klienter list, each row exposes two management actions:

  • Reset key (Återställ nyckel) — generates a new client secret. The previous secret stops working immediately. The new secret is shown once, in the same dialog as during creation — copy it before closing.
  • Delete (Radera) — permanently removes the client. Any integration using its credentials will stop being able to authenticate.

The client's role is fixed at creation. To change a client's role, delete it and create a new one.

Reset a client key

If you lose a client secret, or suspect it has been exposed:

  1. Open the API klienter page.
  2. Find the client in the list and click Reset key (Återställ nyckel).
  3. Copy and store the new secret from the confirmation dialog — this is the only time it will be shown.
  4. Update any integrations using the client with the new secret.

The client id stays the same after a reset; only the secret changes.

Released under the MIT License.

Copyright © 2026 iBinder AB