To use the Coiote IoT DM API you need to have a user account in the platform. Individual users can sign up for a free Developer account using the sign-up page. They are granted a regular user account that has access to a selected set of endpoints, such as devices, groups or deviceEvents. You can find the list of endpoints accessible for a Developer account in the Permissions section. For more information about account types, see Plans and pricing.
Type of authentication
Coiote IoT DM API uses OAuth 2.0 Password Grant authentication. In this form of authentication you have to provide the username and password in a
POST request to the server. The server then exchanges the password for an access token.
POST request contains the following parameters:
- grant_type - by providing the value “password” you indicate the password grant authentication type
- username - your username
- password - your password
SSO users (usually business users) need to have an Identity Access Management (IAM) service account. Contact the platform administrator to have this account created.
In some installations the users obtain access token through exchange token procedure. Contact the platform administrator for more information.
How to get access token
You can obtain a REST API access token by sending the
POST request on an authentication endpoint. If you want to use cURL enter the following command in the terminal:
curl -X - `POST` \ -H "Content-Type:application/x-www-form-urlencoded" \ --data-urlencode "grant_type=password" \ --data-urlencode "firstname.lastname@example.org" \ --data-urlencode "password=pass" \ 'https://#HOSTNAME/api/auth/oauth_password'
You can send the request using any of the tools described in section Tools to test our API.
The response to this request will contain the access token and its expiration time expressed in seconds:
How to authenticate requests
Include the obtained token in the "authorization" header of the request. For example:
curl -i -X - `GET` "http://#HOSTNAME/api/coiotedm/v3/devices" -H "accept: application/json" -H "authorization: Bearer #TOKEN"
#TOKENwith your actual access token and
#HOSTNAMEwith your actual hostname.
Error messages related to invalid authentication
- 401: Unauthorized - you may encounter this error, if you provide incorrect access token
- 403: Forbidden - you may encounter this error, if you attempt to access an endpoint without the necessary permission
Token expiration time
The expiration time of the token is determined by the administrator and remains consistent for all user types. Typically, the token expires after around 5 minutes.
Each endpoint has a separate permission.
Developer and Business accounts have permissions for the access to the following set of API endpoints: