Changes to the Authorization Process

Action required: We are deprecating the Beefree SDK’s legacy Authorization process.

Keeping Beefree SDK safe and secure is our top priority, so we wanted to let you know about upcoming changes to our authentication process. These changes will affect your application’s ability to interact with the SDK, so please read this article carefully.  

What’s changing

We're retiring our previous authorization starting on September 24, 2025 as part of our effort to standardize and simplify authentication.

This latest method only requires minimal changes for most applications, and brings several benefits:

• UID encryption to abstract identity handling from the client-side
• Improved token expiration policy
• Support for re-authorization flow without usage interruption

This transition allows us to reduce technical debt, streamline token handling, and ensure consistent behavior across current and upcoming services.

If you haven’t already migrated, please switch to the updated method as soon as possible.  

!!! To avoid interruptions for you and your users, please ensure your application uses our new authentication process (V2) before September 24, 2025. !!!

About migrating to the V2 authentication process

Here’s what you need to do:

1. Check if your application still relies on the legacy auth process. If you’re still authenticating via https://auth.getbee.io/apiauth, you’re relying on the legacy authentication and will need to update your integration. 
2. If necessary, implement the new auth process via the /loginV2  endpoint and ensure your application is set up to handle the updated UID handling and token refresh process. 

To adopt the V2 authentication process, you need to:

• Use the /loginV2 endpoint to request your token.
• Move the UID handling from client-side to server-side logic. The new authentication flow requires three parameters—client_id, client_secret, and UID—to be passed from your backend during the login request.
• (Optional) Implement support for token refresh by triggering a new login when the token expires.

You can find all details on how to implement the V2 Auth process in our developer docs.

Timeline

We're retiring the old authentication method with a phased approach—starting with planned brownouts and ending in permanent removal. This gradual rollout is designed to minimize disruption, surface any lingering dependencies in real-world environments, and give our customers plenty of time (and clear signals) to adapt.

The first brownout marks the beginning of the transition, after which the old method will become increasingly unavailable until it is fully decommissioned on January 27, 2026.

September 24, 2025:  First Brownout
We’ll temporarily switch production traffic to the V2 authentication process for 2 hours. The two hours will be broken into two one-hour time slots. The first one-hour time slot is 3:00am-4:00am EDT. The second one-hour time slot is from 12:00pm-1:00pm EDT.

If your integration still uses the old authentication method, you may experience temporary issues during this window. This is a warning signal; please update to the V2 process before this date to avoid any impact.

October 15, 2025:  Second Brownout
We cut over to the V2 auth process for 6 hours in production. The six hours will be broken into three two-hour time slots. The first two-hour time slot is 3:00am-5:00am EDT. The second two-hour time slot is 12:00pm-2:00pm EDT. The third two-hour time slot is 7:00pm-9:00pm EDT.

January 13, 2026: Third Brownout
We cut over to the V2 auth process for a total of 12 hours in production. The 12 hours will be broken into two six-hours time slots. The first six-hours time slot is 2:00am-8:00am EST. The second six-hour time slot is 3:00pm-9:00pm EDT.

January 27, 2026: Final rollout
Cut over to the V2 authentication process in production permanently. At this point, we will decommission the old endpoint and auth process.

You can find all details about the upcoming brownout times on our status page. 

If you have any questions about the changes, whether your application is impacted, or how to implement the update, just reply to this email or reach out to your Customer Success Manager. We’re here to help.