Sessions

• with a scope

If scope is unspecified, the token will be able to perform any API actions. If scope is specified, then the API endpoint must be explicitly marked permitted or will otherwise return HTTP status 403 Forbidden.

The format of scope is a comma-separated list of resource/action specifiers. For example, the scope for reading and listing scenes is scenes/read,scenes/list. The scope for reading scenes and scans is scenes/read,scans/read. The scope for allowing all actions on scenes may be abbreviated with a wildcard, scenes/*.

Permitted actions are:

Resource Valid Actions
access-tokens create
collections create, read, update, delete, list
customers create, read, update, delete, list
scans create, read, update, delete, list
scenes create, read, update, delete, list
teams show

Endpoint

POST /api/v2/auth/generate_access_token

Parameters

Name Description type
api_key required api key string
api_secret required api secret string
scope scope string

Request

Route

POST /api/v2/auth/generate_access_token

Headers

Accept: application/json
Content-Type: application/json

Body

{
  "api_key": "QVgJW3Q8edsKMpMD",
  "api_secret": "qw43qn9rYVNBwFFXp2XwXBeaGVkK5XL7UPH9LKoR",
  "scope": "scenes/create"
}

Response

Status

200

Headers

Content-Type: application/json; charset=utf-8

Body

{
  "success": true,
  "Access-Token": "281f0f57df4fc1973623ab572c1b91c2420dd339d8d398e01a8784d7d1bd891e$$MrHZ1erD+IQ999gmnWK3dbks9Y0RWpe/bq7WZ8qOPAuJNVUtQAPkMJrHqnAzwhJmZEggblotrV98cDtWFUs0--9uvhDjhKTjQKCu8+--a2idQzljiyYkXC/dvaxIhg==",
  "Api-Key": "QVgJW3Q8edsKMpMD"
}