Authentication
Overview
Authentication is essential to ensure the security and integrity of data exchanged through our API. All endpoints that require authentication are secured using the Bearer token authentication scheme.
Before authenticating, you must first register a user and create an application. When an application is created, it is assigned a unique identifier called the APP_KEY. This key is used to identify and authorize devices (consumers) that want to interact with the API on behalf of the application.
Authentication tokens are issued to Consumers entities that represent individual devices. To obtain a token, a Consumer must register using the APP_KEY. Upon successful registration, the API returns a Bearer token, which is valid for a limited time and must be included in all subsequent authorized requests.
Before you start
To authenticate with the API, you must have:
APP_KEY– A unique identifier generated when you create an application.Consumers– The device registered. For more detailed information, see the following section: Consumers- Bearer Token – A token obtained after registering a Consumer, used for all protected endpoints.
If the token expires, the authentication flow will need to be repeated.
Endpoints
| Documentation |
|---|
| Events |
| Logs |
| Sessions |
Authentication Flow
Register a User and Create an Application
Before anything else, you must register a user and create an application within the system. When you create an app, the system will generate a unique identifier called the APP_KEY. This key allows the devices that use your app to authenticate themselves when registering as Consumers.
Note
The APP_KEY is essential for all further steps
Register a Consumer (Device)
Each device that uses your app must be registered as a Consumer. This is done by sending device-specific and user-related information to:
POST /api/consumer
Include your APP_KEY in the request payload (as per the API spec). This endpoint will either create or update a Consumer and return:
Consumer_idBearer token
More details about what data to send can be found in the Consumers section.
Use the Token for Authenticated Requests
Once you receive the token, include it in your request headers when accessing protected API routes:
| Header | Value |
|---|---|
| Authorization | Bearer {YOUR_AUTH_KEY} |
| Content-Type | application/json |
| Accept | application/json |
This token must be included in every request to endpoints that require authentication.
Security Guidelines
Never expose your token in client-side code or public repositories. Tokens grant access to user data and must be kept secure.
- All API requests must be made over HTTPS.
- Requests over HTTP or without a valid token will result in a 401 Unauthorized error.
- Use tools like Postman to test the authentication flow securely.
| Step | Endpoint | Purpose |
|---|---|---|
| 1. Create Consumer | POST /api/consumer |
Registers a user/device |
| 2. Get Token | GET /api/consumer/token |
Retrieves Bearer Token |
| 3. Use Token | (Any protected endpoint) | Authenticate requests |