Authentication

Suggest Edits

Access to our API is achieved via HTTPS requests to the https://api.evrythng.com domain. A combination of API key, URL validation, and roles and permissions are used to determine the validity of each request.

All API requests must use one of the secure https, mqtts, or wss protocols. Devices requiring extra configuration to use TLS should use the certificates available on the Security page.

Authenticating Requests

Every request to our API must (unless otherwise stated) contain a valid API key in the Authorization HTTP header to identify the user or application issuing the request and execute it if authorized.

Here is an example of a request to our API that returns the list of all the Thngs you have created. Note the appropriate use of the Authorization header.

Authenticate with a header

curl -i -H "Accept: application/json" \
  -H "Authorization: $APPLICATION_USER_API_KEY" \
  -X GET "https://api.evrythng.com/thngs"

As an alternative, instead of sending the API key in the Authorization header, you can simply append ?access_token=$APPLICATION_USER_API_KEY to any URL in the API. This request is equivalent to the one above:

Authenticate with query parameter

curl -i -H "Accept: application/json" \
  -X GET "https://api.evrythng.com/thngs?access_token=$APPLICATION_USER_API_KEY"

For JavaScript developers evrythng.js makes this even easier by only requiring you to initialise a scope object with the right API key:

Authenticate as an operator

// Truncated key
const APPLICATION_API_KEY = 'AGiWrH5Ote...';

const app = new evrythng.Application(APPLICATION_API_KEY);

app.product().read()
  .then(console.log)
  .catch(console.log);

Updated 9 months ago

EVRYTHNG Developer Hub

Developer Hub

Featured Pages

Search results for "{{ search.query }}"

Authentication

Authenticating Requests

Authentication

Suggested Edits are limited on API Reference Pages