Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This documentation provides an overview of twinzo's two API authorization methods - Device OAuth and ttatic static token, along with the request signing process for authorized requests. With this information, developers can effectively implement authorization and request signing to securely integrate third-party data sources with twinzo's API endpoint.

Device OAuth

  • The Device OAuth method enables authorization per device using a login and password combination. Developers can add login and password credentials in the device edit form, as described in the previous chapters.

  • To send authentication requests with credentials and client name, developers can use the following endpoint:

...

...

Tip

Upon a successful request, the developer will receive a token with an expiration date. Every authorized request on API functions must be signed with an active token or API Key.

  • Each token has an expiration, but it can be refreshed with a dedicated method available at:

...

...

Static Token

Alternatively, developers can generate a static token to sign every request with the same server key. This method is recommended only for server-to-server communication, as it is less secure than Device OAuth.

Info

If a third-party system is sending data from distributed devices, it is strongly recommended not to use static tokens for client devices.

...

Request Signing

  • Each authorized request must be signed with the proper token, which should be included in requests via specific HTTP Header values.

  • To identify the proper client, headers must also include the Client and Branch GUID key.

  • Developers can find the Branch GUID in the list of branches in the Places section,

...

  • and the Client GUID is

...

  • displayed in the Settings in the Client tab.

...