Access to the EVRYTHNG API is achieved using HTTPS requests to the domain. A combination of API key, URL validation, and roles and permissions determines the validity of each request.

All API requests must use one of the secure https, mqtts, or wss protocols. Devices requiring extra configuration for TLS use the certificates available on the Security page.

Authenticating Requests

Every request to our API must (unless otherwise stated) contain a valid API key in the Authorization HTTP header to identify the user or application issuing the request and execute it if authorized.

Here is an example of an API request that returns a list of Thngs. The Authorization header is sent in the request.

curl -i -H "Accept: application/json" \
  -H "Authorization: $APPLICATION_USER_API_KEY" \
  -X GET ""

Instead of sending the API key in the Authorization header, you can append ?access_token=$OPERATOR_API_KEY to any URL in the API:

curl -i -H "Accept: application/json" \

For JavaScript developers, evrythng.js only requires you to initialize a scope object with the right API key:

// User key
const OPERATOR_API_KEY = 'AGiWrH5Ote...';

const operator = new evrythng.Operator(OPERATOR_API_KEY);

operator.init().then(() => {