Authenticate as a user to perform ad-hoc queries or engineer-level tasks. This method requires a username (email) and password.
Not for Automation
This method requires a specific user’s credentials and is not recommended for CI/CD pipelines. For automated integration, use M2M Authentication. SSO Not Supported
This authentication method does not work with SSO (SAML, OIDC federation). Users must have a dedicated username and password configured directly in Keycloak. This approach ties API usage to individual BTP users and respects RBAC permissions.
Password Grant Flow
Use this flow for interactive access where you can securely provide your user credentials.
Request
# 1. Set your credentials
export BINARLY_EMAIL="your-email@example.com"
export BINARLY_PASSWORD="your-password"
# Replace {slug} with your organization's tenant identifier
export BINARLY_AUTH_URL="https://auth-{slug}.binarly.cloud/realms/BinarlyRealm/protocol/openid-connect/token"
# 2. Request the token
curl -v -s -H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=password" \
--data-urlencode "scope=openid" \
--data-urlencode "client_id=BinarlyClient" \
--data-urlencode "username=${BINARLY_EMAIL}" \
--data-urlencode "password=${BINARLY_PASSWORD}" \
"${BINARLY_AUTH_URL}"
Response
The response contains the access_token needed for API requests.
{
"access_token": "eyJhbGciOiJSUzI1NiIs...",
"token_type": "Bearer",
"expires_in": 1800
}
Next Steps
Include this token in the Authorization header of your API requests:
Authorization: Bearer <access_token> 
