Authorization

API keys

Apps which want to access the API must obtain an API key. There are two methods for doing so.

Unlocking the gateway
HTTP basic authentification

The only exception is when you try to create an API key from the gateway itself using the loopback address 127.0.0.1 then authorization is not required.

Unlocking the gateway

Unlocking the gateway for a short period of time allows any app to acquire an API key via configuration API.

To unlock the gateway for 60 seconds open the Phoscon app (see discovery) in the browser and choose Settings/Gateway from the top left menu. On the gateway page go to advanced settings an click on the Authenticate app button in order to unlock the gateway.

phoscon settings advanced settings

In the next 60 seconds any app may acquire a new API key.

HTTP basic authentication

Apps might want to receive an API key without the need that the user must unlock the gateway. This could be achieved by asking the user for the gateway username and password and handover the credentials in the Acquire API key call via HTTP basic authentification.

The API call needs to be extended with HTTP header field Authorization as follows:

Authorization: Basic <credential-hash>

There <credential-hash> is the base64 encoded version of username:password.