API Resources

Last updated 01/06/2023


The Bread & Butter API acts as a broker for identity providers. To initiate a login request you simply post to our authorization interface with the required information.

For GetAuthentication you need to pass your app_id and app_secret for authentication. These can be found at App Settings and App Secrets.


Bread & Butter uses HTTP response codes to indicate the success or failure of a request.

HTTP Status Descriptions
200 - OKAll good.
302 - RedirectUsed by the browser during the redirection workflows for authentication.
400 - Bad RequestBad request or invalid application configuration.
401 - UnauthorizedRequest not authorized.
404 - Not FoundCould not find requested resource.
500 - Internal Server ErrorError with the LogonLabs service.

Callback URL

After redirecting the user to the desired Identity Provider, the Callback URL is used to transfer control from BreadButter back to your system.

Once a user has authenticated with an Identity Provider, BreadButter will invoke your Callback URL with an ‘app_id’ and ‘authentication_token’ as query string parameters. Your system will need to implement code that gets the ‘authentication_token’ from the query string and then calls ‘GetAuthentciation’ to determine if the login attempt was a success. After checking the results of ‘GetAuthentication’, the normal user authentication workflow can resume (ie. creating the user’s session, creating cookies, redirecting to a default page, etc).