< Back
You are here:

2.2 Login response

Login response

After checking the login parameters for the user and password, you need to send a response.

No registered user: It’s up to you to decide what you want to send. You can put an error in the response, so BOA will display the login screen again to the user.

"error": "nok",
"token": ""

Succesfull login

If the login is succesfull the response needs to contain some elements, so BOA can start with building the application you want. There are some main elements in the response you must provide:

  • Configuration data specific for the user, the appname, the language to use, radius of the button corners and a token.
  • Menu data to build the menu on the left side of the application. This is a multi-level menu that you define.
  • Topmenu data for the top menu, this is also a multi-level menu.

After processing this data, the application with the main options appears. This has the following look.

BOA application with left and top menu.

Configuration elements

The configuration has the following elements:

{ "login": "ok",
  "token": "eyJhbGI...0Ttctbk",
  "language": "EN",
  "appname": "Demo",
  "buttoncorner": 5,
  "company": [
     { "dossier": "000",
       "naam": "Firmanaam BVBA "

  • login: ok when the login is successfull.
  • token: an unique token is needed in the response. BOA will send this token with each request to your server.
  • language: language you want to use. This will be used for standard messages of BOA.
  • appname: will be displayed in the upper left corner of the application.
  • buttoncorner: defines the radius of the buttons. Value is from 1 to 99.
    • 1: straight corners
    • 99: rounded corners
  • infopages: url to help or info pages for the user. BOA displays a ‘?’ sign, to open this url.
  • company: an array with the possible companies. If the array has more than one element, a popup to choose will appear. This depends on your iAPI.

Purpose of the token: After login the token will be send with each request for the authorization. It is send as a Bearer authorization. This way your iAPI can check if the request is being send by an authorized user. If you want, you can use a JWT (Json Web Token) which is quite common to use. In the JWT you can put an expiry time for the token. This way a token can expire after some time. If someone has captured it, it will become inactive after the time it contains.

Of course, you are free to build a token as you like, in the format you want. It will be send with each request, and it is up to your iAPI to evaluate it, and to grant access or not. If a token is not valid, you can send an error in your response as follows:

"error": "Token is expired."

Previous 2.1 Login request
Next 2.3 Menu in response
Table of Contents