General API Security

All API calls are secured by a subscription key and an access token.

• The subscription key generally enables access to the Cloud API.

• The access token belongs to an individual user / device owner and therefore controls which devices and their data an end user is allowed to see.

Subscription Key

An active subscription key is mandatory and must be sent in the "x-api-key" header or the x-api-key query parameter of each call.

The subscription key (Primary Key or Secondary key) is assigned to your developer account used to login on the Developer Portal. You can subscribe for your own subscription key here.

The key can be used by several users. In most cases the developer will use his single subscription key for all requests of all clients using the solution. Alternatively a developer could create an individual subscription key for each of his clients.

Access Token

The access token limits access to your devices (the ones which have been registered to your account).
The registration of a device to your account is done via the mobile App during the cloud enable process. (more Info).

We are using OAuth 2.0 to provide an access token. The flow to get an access token is described in the following chapter: Description OAuth 2.0 authorization code flow