SmartSense API authentication/authorization methods

The SmartSense REST API uses the client credentials portion of the OAuth2 specification to perform authentication and authorization. This requires the client of the API to possess a client identifier and a client "secret" (which should be considered confidential). The client ID and secret are effectively a username and password.

However, instead of access being limited to a specific user, these accounts typically have full (read-only) access to the PartnerData API, so these credentials should be secured as you would any other user or network credentials. Together, the client ID and "secret" make up the client credentials.


Authentication

SmartSense provides client credentials for clients of the API. Once you have acquired credentials, make a call to the SmartSense authorization endpoint (https://api.smartsense.co/auth/oauth) to obtain a token.


Client Credentials Scope

The client credentials are bound at creation time to a specific SmartSense account ID and user ID. Currently, client credentials have access to all data available to the SmartSense user ID.


Using API Client Credentials to Obtain an Access Token

As per the OAuth2 specification, client credentials can be used by the API client to obtain an AccessToken. This AccessToken can then be used for authorizing API calls (until the token expires). To obtain an AccessToken, the client makes a POST request to /auth/oauth, as described in https://tools.ietf.org/html/rfc6749#section-4.4.2.

To summarize section 4.4.2 of the OAuth2 specification: pass grant_type=client_credentials in the body of the request (form-urlencoded), and use HTTP Basic authentication to provide the client ID and client secret.

When calling the authentication endpoint, you must supply the following headers:

| KEY | VALUE |
| --- | --- |
| Accept | application/json |
| Content-Type | application/x-www-form-urlencoded |
| Content-Length | calculated when the request is sent |
| Host | domain name for which the request is being sent to the server |


Authorization

To authorize with the SmartSense API you need to pass a Bearer token obtained using the Authentication process. The bearer token must be included in the Authorization header for all API requests and must look like the following:

Authorization: Bearer TOKEN_FROM_SMARTSENSE


You must replace TOKEN_FROM_SMARTSENSE with the API token you obtained from the Authentication process.
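The following Python sketch is an added example, not SmartSense's own code. It builds the token request described above and caches the token until shortly before it expires. The environment variable names, the TokenCache helper and the RFC 6749 section 5.1 response fields (access_token, token_type, expires_in) are assumptions that this page does not confirm.

```python
import base64, json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://api.smartsense.co/auth/oauth"  # endpoint named on this page

def build_token_request(client_id, client_secret):
    """Build (without sending) the client-credentials request of RFC 6749 section 4.4.2."""
    if ":" in client_id:  # HTTP Basic splits on the first colon, so the ID cannot contain one
        raise ValueError("client_id must not contain ':'")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic " + basic,
        # Content-Length and Host are filled in by urllib when the request is sent
    })

class TokenCache:
    """Hypothetical helper: keeps the token in memory and refreshes it before expiry."""
    def __init__(self, fetch, skew=30, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._fetch()
            # Assumption: the reply uses the RFC 6749 section 5.1 field names.
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = reply["access_token"]
            # A missing expires_in is treated as 0, which forces a fetch on every call.
            self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return {"Authorization": "Bearer " + self._token}

def fetch_from_smartsense():
    """Live fetch; credentials come from the environment (names are hypothetical)."""
    req = build_token_request(os.environ["SMARTSENSE_CLIENT_ID"],
                              os.environ["SMARTSENSE_CLIENT_SECRET"])
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)
```

In production, construct TokenCache(fetch_from_smartsense) once and merge bearer_header() into the headers of every API call; keep the secret and the token out of logs and source control.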
