Generally speaking, devices don't have access to the API and nor should they. Devices live in potentially unprotected locations and should not have any permissions to do anything other than log data to the cloud.

However, there are some circumstances where you do want a device to access the API and it's easier to grant access to the device than to attempt to manage an API token.

Permissions

To give a device access to the API, browse to Admin -> Access -> API Tokens tab.

In this tab, select NEW DEVICE TOKEN

• Select the target device that you want to be able to access the API

• OPTIONAL - select the device group, that is, the other devices you want the target device to be able to see/access

• Select the desired permissions

• Click INVITE

Update permissions

Unlike API tokens, the permissions granted to a devices can be updated. Click EDIT to make the changes.

Remove/revoke access

To remove access to the API, click the dropdown arrow next to the EDIT button and select REVOKE.

Authentication

Authentication is handled using the webauthn standard. The device's private key is used to sign a random "challenge" token and, if successful, a new token is issued with a 10 hour expiry. For more details, or for example code, please contact your account manager.