Access to our API is achieved via HTTPS requests to the
https://api.evrythng.com domain. A combination of API key, URL validation, and roles and permissions are used to determine the validity of each request.
All API requests must use one of the secure
wss protocols. Devices requiring extra configuration to use TLS should use the certificates available on the Security page.
Every request to our API must (unless otherwise stated) contain a valid API key in the
Authorization HTTP header to identify the user or application issuing the request and execute it if authorized.
Here is an example of a request to our API that returns the list of all the Thngs you have created. Note the appropriate use of the
curl -i -H "Accept: application/json" \ -H "Authorization: $APPLICATION_USER_API_KEY" \ -X GET "https://api.evrythng.com/thngs"
To make it easier for developers using embedded platforms, instead of sending the API key in the
Authorization header, you can simply append
?access_token=$APPLICATION_USER_API_KEY to any URL in the API. This request is equivalent to the one above:
curl -i -H "Accept: application/json" \ -X GET "https://api.evrythng.com/thngs?access_token=$APPLICATION_USER_API_KEY"
// Truncated key const OPERATOR_API_KEY = 'AGiWrH5OteA4aHiMFiwnwF08p3PQvPIr9GJXv...'; const operator = new EVT.Operator(OPERATOR_API_KEY); operator.thng().read().then(console.log);