Authentication and Authorization

Authentication

Token based API authentication is supported for the time being.

Creating API Token

You can get your API token by following these steps:

• Navigate to My Apps/Devices on the left hand side menu.
• Select/double click on your App/Device card from the list. If you do not have any App/Device created already refer Apps or Devices guide on how to create a Apps or Devices digital representation & token.
• On the App/Device definition page, select the API Authorizations tab.
• If a token has not been generated yet, you can create one by clicking on the lock button.
• Now copy the token and use it for your API authentication.

Authentication header for HTTP

For HTTP, token must be used in the Authorization header using HTTP Basic authentication scheme when your App/Device having a backend or is server-side, where HTTP headers can be specified. Otherwise, token can be used in the URL query string with the token as a parameter e.g. https://...?token=YOUR_API_TOKEN. However, latter method is not encouraged, unless your app is a frontend only app e.g. static webapp.

When using HTTP Basic authentication header, you must leave the username as blank and specify only the token as the password in the HTTP Basic authentication header.

In HTTP Basic authentication you need to use username and password separated by a single colon (":") character and the whole string needs to be base64 encoded.

e.g. Your HTTP header would looks like this:

...
Authorization: Basic  Base64( :YOUR_API_TOKEN )
...

where Base64() is a a base64 encoding function in your language/library

All connections must be established with TLS >= 1.2 to avoid compromising your token & data. When using SDK TLS is automatically handled by the implementation.

Authorization

If your App/Device has a separate backend/server, it is highly recommended to whitelist only your Domain or IP address(s) in the API Authorization tab of your App/Device configuration (navigate via My App & Device menu)