Bondora uses OAuth for its API authentication, while this is great for external service providers owning their own domain/app, it is also relatively cumbersome for stand alone applications/scripts.
So here are the steps I did to acquire a refresh token for using the API with curl.
First follow the link of the documentation to the “google OAuth playground”.
Most of the configuration should be preset by the link used. If you need it, you can add additional rights to the request (in my case reports where not part of the url): “BidsRead BidsEdit Investments SmBuy SmSell ReportRead ReportCreate”
On the other side, you need to register an app with bondora. You can set most of the values as you like, but you must set the callback URL back to google “https://developers.google.com/oauthplayground”.
After completing the registration, take the client id and secret and paste it into the google playground.
Clicking the authorize API button will initiate the process.
You get redirected to bondora to authorize the application with the requested permissions.
After accepting you will be redirected back to google.
Now you only have to request a token by clicking the exchange authorization code for tokens.
Now you got you token. Please keep in mind that the access token invalidates relatively quick and you should also keep the refresh token for background jobs.