besmart.energy / API / authentication.md

Authentication

All REST API resource requests require an authorization token to be passed in the Authorization header.

The besmart.energy system requires two-factor authentication:
The app requires two-factor authentication:

  1. In the first step, based on the token associated with a given application workspace (workspace_token to be downloaded for workspace administrators using the application), you should download a temporary individually generated token (valid for 2 hours).
    The endpoint https://api.besmart.energy/api/users/token is used for this. In the POST method the authorization parameters should be passed:

     {
    "login": "login_name",
    "password": "login_password"
 }

    where in the X-Auth header field the workspace token workspace_token should be passed:

     X-Auth: workspace_token

    A temporary session token will be generated in response: temporary_session_token.

  2. In ordering any other endpoint, the temporary session token generated in step 1 must be entered in the Authorization header field:

     Authorization: Bearer temporary_session_token

See also

  1. Table of Contents
  2. Basic API endpoints