Quick Start

Authentication

SecuriThings API uses the OAuth 2.0 protocol with JWT for authentication and authorization.

For each request made to our API, a Bearer token must be provided in the Authorization header. This token is a JWT containing information about the user and the permissions they have.

Getting credentials for the API


Each integration with the SecuriThings API requires a set of credentials. These credentials are used to generate a JWT token that is used to authenticate the user across the API.

Credentials are provided manually by the SecuriThings team. To get your credentials, please contact our support team or book a demo.

Credentials are composed of three parts:

  • organization: The tenant that the client belongs to.
  • client_id: A unique identifier for the client.
  • client_secret: A secret key that is used to generate the JWT token.

Getting a token


Using the credentials provided by the SecuriThings team, you can generate a JWT token by sending a POST request to the /token/<organization> endpoint.

client_id and client_secret should be provided using Basic Authentication.

Important

Running the commands below will expose your credentials in the terminal history.

Make sure to clear the terminal history after running the commands or opt to use an API client.

curl -X POST \
  https://api.securithings.com/token/<organization> \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Basic <base64(client_id:client_secret)>'

# or

curl -X POST \
  https://api.securithings.com/token/<organization> \
  -H 'Content-Type: application/json' \
  -u <client_id>:<client_secret>

Expiration: A token has a validity period of 1 hour by default. A new token should be generated after it expires.

Refresh Token: One isn't provided by default. If you require a refresh token, please contact our support team.
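
The token flow above as an added Python example (not SecuriThings code): credentials are read from environment variables instead of being typed on the command line, and the token is cached and requested again shortly before it expires, since no refresh token is issued by default. The variable names ST_ORG, ST_CLIENT_ID and ST_CLIENT_SECRET, the "access_token" response field (RFC 6749 convention) and the JWT "exp" claim are assumptions, not taken from this page.

```python
import base64, json, os, time
import urllib.request

TOKEN_URL = "https://api.securithings.com/token/{org}"
DEFAULT_TTL = 3600  # the page states a 1 hour validity period by default

def build_token_request(org, client_id, client_secret):
    """POST /token/<organization> with client_id:client_secret as Basic auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL.format(org=org), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {basic}"})

def jwt_expiry(token, issued_at):
    """Read the 'exp' claim (assumed present) without verifying the signature.
    Used only to schedule renewal; falls back to issued_at + 1 hour."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
        exp = json.loads(base64.urlsafe_b64decode(payload)).get("exp")
    except (IndexError, ValueError, AttributeError):
        exp = None
    return float(exp) if isinstance(exp, (int, float)) else issued_at + DEFAULT_TTL

def http_fetch(request):
    # Assumption: JSON response body carrying the JWT in "access_token".
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)["access_token"]

class TokenCache:
    """Holds the current token and fetches a new one `skew` seconds before expiry."""
    def __init__(self, fetch=http_fetch, clock=time.time, skew=60):
        self.fetch, self.clock, self.skew = fetch, clock, skew
        self.token, self.expires_at = None, 0.0

    def get(self):
        now = self.clock()
        if self.token is None or now >= self.expires_at - self.skew:
            # Hypothetical variable names; set them from a secret store or prompt.
            env = os.environ
            req = build_token_request(
                env["ST_ORG"], env["ST_CLIENT_ID"], env["ST_CLIENT_SECRET"])
            self.token = self.fetch(req)
            self.expires_at = jwt_expiry(self.token, now)
        return self.token

    def auth_header(self):
        """Header to attach to every API request."""
        return {"Authorization": f"Bearer {self.get()}"}
```
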


Setting up

To set up Postman or Insomnia to use the SecuriThings API, you can see an example of how to set up the authentication in the following images.

A Postman Collection including the authentication setup can be found here.

Postman

  1. Open Postman and create a new request.
  2. In the Authorization tab, select OAuth 2.0 and set "Add Authorization Data to" to "Request Headers".
  3. Set the Access Token URL to https://api.securithings.com/token/<organization>.
  4. Change the Grant Type to Client Credentials and fill in the fields with the credentials provided by the SecuriThings team.
  5. Change Client Authentication to Send as Basic Auth header.

An example of the configuration can be seen in the following image: Postman OAuth2 Settings Example

Insomnia

  1. Open Insomnia and create a new request.
  2. In the Authentication tab, select OAuth 2.0 and set Grant Type to Client Credentials.
  3. Set the Access Token URL to https://api.securithings.com/token/<organization>.
  4. Fill in the fields with the credentials provided by the SecuriThings team.
  5. Under Advanced Options, ensure Credentials is set to As Basic Auth Header (this should be the default).

An example of the configuration can be seen in the following image: Insomnia OAuth2 Settings Example