Step 1: Create a Read-Only "API User"
Bynder tokens inherit the permissions of the user they are assigned to.
1. Log into Bynder as an Admin.
2. Go to Settings > Users & rights > User management.
3. Create a new user (e.g., api_readonly_user).
4. Assign this user to a Permission Profile that has only "View" or "Read" permissions for assets and collections.
Tip: Ensure the user does not have "Manage" or "Delete" permissions.
Step 2: Generate the Token/Credentials
Choose the method that best fits your technical requirement.
Option A: OAuth 2.0
Best for applications that support the Client Credentials flow. This generates a Client ID and Client Secret.
1. Navigate to Settings > Advanced Settings > Portal settings.
2. Select OAuth Apps from the left-hand menu.
3. Click Register new application.
4. Grant Type: Select Client Credentials.
5. Assigned User: Search for and select the api_readonly_user you created in Step 1.
6. Scopes: Select only the "read" scopes:
asset:read
collection:read
meta.assetbank:read
current.user:read (Required for authentication handshake).
7. Click Register. Copy the Client ID and Client Secret immediately, as the secret will not be shown again.
Option B: Permanent Bearer Token
Best for simple scripts or tools where you want a single, long-lived string to put in an Authorization: Bearer <token> header.
Navigate to Settings > Advanced Settings > Portal settings.
Select Permanent Tokens.
Click Add new token.
Description: Give it a name (e.g., "Read-Only Script Token").
Assigned User: Select your
api_readonly_user.
Scopes: Select the necessary read-only resources (Assets, Collections, etc.).
Click Create token.
Copy the token now. It is a permanent string that does not expire unless revoked.