To accelerate the speed of software development and provide access to application features, the IoTConnect API is based around the REST framework. Our API is designed to expose API errors by using HTTP response codes and predictable, resource-oriented URLs. We use built-in HTTP characteristics, such as HTTP authentication and HTTP verbs, which are recognized by ready-to-use HTTP clients. Our APIs support cross-origin resource sharing, enabling you to communicate safely with our API from a client-side web application (although in the client-side software of any public website, you should never disclose your secret API key). For the request and response format, we have employed JSON.

The IoTConnect API uses the OAuth 2.0 protocol for authentication and authorization. Hence, if you have worked with OAuth 2.0 before, you will find getting started with IoTConnect API very straightforward.

The usage of tokens, strings that act as a key, is one of the striking features of OAuth 2.0. Tokens provide permissions to act on behalf of the user’s consent. The mechanism offers a couple of strong advantages to users. Firstly, apps don’t store passwords of users. And secondly, tokens get expired or can be officially canceled on a per-user basis.

End Point :https://authpoc.iotconnect.io (POC)

Following is the simple three-step process for getting started with IoTConnect API.

Step 1: Obtain a basic token

Make a request to /api/v2/Auth/basic-token. This API endpoint will generate the basic authentication token, which you will require in step 2.

Example Response

Response (Status 200):

"data": "[basic_token]",
"status": 200,
"message": "Basic token has been generated successfully"

Step 2: Get an access token

To get an access token, make a request to /api/v2/Auth/login. During the access token request, you need to send the username and password in the request body. While in the request header, you need to submit a basic token (which you received in Step 1) and a solution key.

Request Headers:

"Authorization": “Basic [basic_token]”,
“solution-key”: “[ SOLUTION_KEY]”
“Content-type “: “application/json”

Request Body Parameters:

"username ": "string",
"password": "string"

Response (Status 200):

"token_type": "bearer",
"access_token": "[Access-Token]",
"expires_in": 3600,
"refresh_token": "[Refresh-Token]",
"status": 200

Step 3: Use the access token to make requests

While making a request, use the access token, which you got in Step 2, in the request header. A single access token can grant varying degrees of access to multiple IoTConnect APIs.

Request Headers:

"Authorization": “Bearer [Access-Token]”

For example, we’ve queried the Device List API endpoint:

curl -X GET "[ENDPOINTS]/api/v1.1/Device"
-H "accept: text/plain"
H "Authorization: Bearer

Access tokens have a limited lifetime. The expires_in field in the get access token response indicates the lifetime of the access token in seconds. For example, an expiry value of 3600 indicates that the access token expires in two hours from the time the response was generated. If you need access to the IoTConnect APIs beyond the lifetime of an access token, get a refresh token. Nevertheless, you can generate new access at any time.

Now that you understand how to start using API endpoints of IoTConnect, you can start using it and can contact us as well, in case of any concern.

API requests

To construct a REST API request, combine these components:

Component Description
The HTTP method
  • GET. Requests data from a resource.
  • POST. Submits data to a resource to process.
  • PUT. Updates a resource.
  • DELETE. Deletes a resource.
Query parameters Optional. Controls which data appears in the response. Use to filter, limit the size of, and sort the data in an API response.
HTTP request headers Includes the Authorization header with the access token.
A JSON request body Required for most GET, POST and PUT calls.

HTTP request headers

The commonly used HTTP request headers are:

Header Description
Accept: application/json
Authorization: Bearer Access-Token
Content-Type: application/json

API responses

IoTConnect API calls return HTTP status codes. Some API calls also return JSON response bodies that include information about the resource including one or more contextual HATEOAS links. Use these links to request more information about and construct an API flow that is relative to a specific request. Each REST API request returns a HTTP success or error status code.

HTTP success status codes

In the responses, IoTConnect returns these HTTP status codes for successful requests:

Status code Description
200 OK

The request succeeded.

201 Created

A POST method successfully created a resource. If the resource was already created by a previous execution of the same method, for example, the server returns the HTTP 200 OK status code.

204 No Content

The server successfully executed the method but returns no response body.

HTTP error status codes

In the responses for failed requests, IoTConnect returns HTTP 4XX or 5XX status codes.

For all errors except Identity errors, IoTConnect returns an error response body that includes additional error details in this format.

Status code Cause
400 Bad Request

The server could not understand the request.

401 Unauthorized

The request requires authentication and the caller did not provide valid credentials.

403 Forbidden

The client is not authorized to access this resource although it might have valid credentials. For example, the client does not have the correct OAuth 2 scope. Additionally, a business-level authorization error might have occurred. For example, the account holder does not have sufficient funds.

404 Not Found

The server did not find anything that matches the request URI. Either the URI is incorrect or the resource is not available. For example, no data exists in the database at that key.

405 Method Not Allowed

The service does not support the requested HTTP method.

500 Internal Server Error

A system or application error occurred. Although the client appears to provide a correct request, something unexpected occurred on the server.

503 Service Unavailable

The server cannot handle the request for a service due to temporary maintenance.

The HTTP methods are:

Method Description

Deletes a resource.


Shows details for a resource or lists resources.


Creates or manages a resource.


Updates a resource.