To accelerate the speed of software development and provide access to application features, the IoTConnect API is based around the REST framework. Our API is designed to expose API errors by using HTTP response codes and predictable, resource-oriented URLs. We use built-in HTTP characteristics, such as HTTP authentication and HTTP verbs, which are recognized by ready-to-use HTTP clients. Our APIs support cross-origin resource sharing, enabling you to communicate safely with our API from a client-side web application (although in the client-side software of any public website, you should never disclose your secret API key). For the request and response format, we have employed JSON.
The IoTConnect API uses the OAuth 2.0 protocol for authentication and authorization. Hence, if you have worked with OAuth 2.0 before, you will find getting started with IoTConnect API very straightforward.
The usage of tokens, strings that act as a key, is one of the striking features of OAuth 2.0. Tokens provide permissions to act on behalf of the user’s consent. The mechanism offers a couple of strong advantages to users. Firstly, apps don’t store passwords of users. And secondly, tokens get expired or can be officially canceled on a per-user basis.
End Point :https://authpoc.iotconnect.io (POC)
Below are the list of all API endpoints with respective environments
Following is the simple three-step process for getting started with IoTConnect API.
Make a request to /api/v2/Auth/basic-token. This API endpoint will generate the basic authentication token, which you will require in step 2.
Example Response
Response (Status 200):
{
"data": "[basic_token]",
"status": 200,
"message": "Basic token has been generated successfully"
}
To get an access token, make a request to /api/v2/Auth/login. During the access token request, you need to send the username and password in the request body. While in the request header, you need to submit a basic token (which you received in Step 1) and a solution key.
Request Headers:
{
"Authorization": “Basic [basic_token]”,
“solution-key”: “[ SOLUTION_KEY]”
“Content-type “: “application/json”
}
Request Body Parameters:
{
"username ": "string",
"password": "string"
}
Response (Status 200):
{
"token_type": "bearer",
"access_token": "[Access-Token]",
"expires_in": 3600,
"refresh_token": "[Refresh-Token]",
"status": 200
}
While making a request, use the access token, which you got in Step 2, in the request header. A single access token can grant varying degrees of access to multiple IoTConnect APIs.
Request Headers:
{
"Authorization": “Bearer [Access-Token]”
}
For example, we’ve queried the Device List API endpoint:
curl -X GET "[ENDPOINTS]/api/v1.1/Device"
-H "accept: text/plain"
H "Authorization: Bearer
Access tokens have a limited lifetime. The expires_in field in the get access token response indicates the lifetime of the access token in seconds. For example, an expiry value of 3600 indicates that the access token expires in two hours from the time the response was generated. If you need access to the IoTConnect APIs beyond the lifetime of an access token, get a refresh token. Nevertheless, you can generate new access at any time.
Now that you understand how to start using API endpoints of IoTConnect, you can start using it and can contact us as well, in case of any concern.
To construct a REST API request, combine these components:
Component | Description |
---|---|
The HTTP method |
|
Query parameters | Optional. Controls which data appears in the response. Use to filter, limit the size of, and sort the data in an API response. |
HTTP request headers | Includes the Authorization header with the access token. |
A JSON request body | Required for most GET , POST and PUT
calls. |
The commonly used HTTP request headers are:
Header | Description |
---|---|
Accept |
Accept: application/json |
Authorization |
Authorization: Bearer Access-Token |
Content-Type |
Content-Type: application/json |
IoTConnect API calls return HTTP status codes. Some API calls also return JSON response bodies that include information about the resource including one or more contextual HATEOAS links. Use these links to request more information about and construct an API flow that is relative to a specific request. Each REST API request returns a HTTP success or error status code.
In the responses, IoTConnect returns these HTTP status codes for successful requests:
Status code | Description |
---|---|
200 OK |
The request succeeded. |
201 Created |
A |
204 No Content |
The server successfully executed the method but returns no response body. |
In the responses for failed requests, IoTConnect returns HTTP 4XX
or
5XX
status codes.
For all errors except Identity errors, IoTConnect returns an error response body that includes additional error details in this format.
Status code | Cause |
---|---|
400 Bad Request |
The server could not understand the request. |
401 Unauthorized |
The request requires authentication and the caller did not provide valid credentials. |
403 Forbidden |
The client is not authorized to access this resource although it might have valid credentials. For example, the client does not have the correct OAuth 2 scope. Additionally, a business-level authorization error might have occurred. For example, the account holder does not have sufficient funds. |
404 Not Found |
The server did not find anything that matches the request URI. Either the URI is incorrect or the resource is not available. For example, no data exists in the database at that key. |
405 Method Not Allowed |
The service does not support the requested HTTP method. |
500 Internal Server Error |
A system or application error occurred. Although the client appears to provide a correct request, something unexpected occurred on the server. |
503 Service Unavailable |
The server cannot handle the request for a service due to temporary maintenance. |
The HTTP methods are:
Method | Description |
---|---|
DELETE |
Deletes a resource. |
GET |
Shows details for a resource or lists resources. |
POST |
Creates or manages a resource. |
PUT |
Updates a resource. |