Document toolboxDocument toolbox

Authorization

This documentation provides an overview of twinzo's two API authorization methods - Device OAuth and static token, along with the request signing process for authorized requests. With this information, developers can effectively implement authorization and request signing to securely integrate third-party data sources with twinzo's API endpoint.

Device OAuth

Upon a successful request, the developer will receive a token with an expiration date. Every authorized request on API functions must be signed with an active token or API Key.

Static Token

Alternatively, developers can generate a static token to sign every request with the same server key. This method is recommended only for server-to-server communication, as it is less secure than Device OAuth.

If a third-party system is sending data from distributed devices, it is strongly recommended not to use static tokens for client devices.

Request Signing

  • Each authorized request must be signed with the proper token, which should be included in requests via specific HTTP Header values.

  • To identify the proper client, headers must also include the Client and Branch GUID key.

  • Developers can find the Branch GUID in the list of branches in the Places section, and the Client GUID is displayed in the Settings in the Client tab.

 

Related pages

If you encounter any issues or need assistance with using this product, please do not hesitate to reach out for support. Our team is here to help you resolve any problems and answer any questions you may have.
To create a support ticket, visit our support portal at https://partner.twinzo.eu/helpdesk/customer-care-1