Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

This documentation provides an overview of twinzo's two API authorization methods - Device OAuth and static token, along with the request signing process for authorized requests. With this information, developers can effectively implement authorization and request signing to securely integrate third-party data sources with twinzo's API endpoint.

Device OAuth

Upon a successful request, the developer will receive a token with an expiration date. Every authorized request on API functions must be signed with an active token or API Key.

Static Token

Alternatively, developers can generate a static token to sign every request with the same server key. This method is recommended only for server-to-server communication, as it is less secure than Device OAuth.

If a third-party system is sending data from distributed devices, it is strongly recommended not to use static tokens for client devices.

Request Signing

  • Each authorized request must be signed with the proper token, which should be included in requests via specific HTTP Header values.

  • To identify the proper client, headers must also include the Client and Branch GUID key.

  • Developers can find the Branch GUID in the list of branches in the Places section, while the Client GUID is obtained via registration through a Twinzo support contact.

  • No labels