Authentification

You can setup authorization per device using login and password combination. Other way is to generate static API key and send data in the name of multiple devices

Device oAuth
Authorization per device via oAuth tokens. In this scenario, you will be able to send localization data per single RTLS device. Login and password credentials need to be added in the device edit form described in previous chapters.

You will send an authentication request with credentials and client name.

URL: https://api.twinzo.eu/swagger/ui/index#!/Authorization/Authorization_Authenticate

With a successful request, you will receive Token with expiration date. Every request on authorized API functions must be signed with active Token. Every token has expiration, but can be refreshed with dedicated method.

URL: https://api.twinzo.eu/swagger/ui/index#!/Authorization/Authorization_RefreshToken

Static Token
You can generate a static token and sign every request with this same server key. This scenario is less secure and recommended only to use for server-to-server communication. If 3rd party system is sending data from distributed devices, it is strongly recommended to not use static tokens for client devices.

Static token now can sign every authorized request to API, the same way as user tokens do.

Signing requests
Each authorized request must be signed with proper token. Tokens are included to requests via specific HTTP Header values. In the case of invalid token, server will send response with proper HTTP error code.

To identify proper client, headers must also include Client and Branch guid key. You can find Branch guid in the list of branches in Places section. Client guid is obtained via registration by your twinzo support contact.