Skip to content

Authentication & Security

In this chapter, we introduce the API-independent authentication and security concepts.

Authentication

Our APIs use bearer token authentication. The general flow looks like this:

%%{init: {'theme': 'dark'}}%%
sequenceDiagram
    participant Client
    participant Auth as Token Endpoint
    participant API as API Endpoint

    rect rgba(40, 44, 52, 0.6)
        Note over Client, Auth: Token Acquisition
        Client->>Auth: POST /v1/token {username, password}
        Auth-->>Client: Return Bearer Token
    end

    rect rgba(40, 44, 52, 0.6)
        Note over Client, API: Using Token for API Access
        Client->>API: Request with Authorization: Bearer {token}
        API-->>Client: Response data
    end

You must acquire a token and use it to authenticate your requests. The token is valid for 24 hours and must be used to authenticate all subsequent operations. To obtain a token, you need to authenticate using a token endpoint.

POST https://<api-name>.REGION.ENV.savr.saveris.net/v1/token

Include the following JSON in the body of the request to provide your username and password:

{
   "username": "string",
   "password": "string"
}

Note

The Push API, being a WebSocket API, does not provide a token endpoint. However, you can use this token endpoint to get the token. For example, refer to the Data API

For more detailed information about the API endpoints, please refer to the API references of each API.

What Next?

We recommend continuing with the general concepts chapter if you are not familiar with this.