🔒 Authentication

Authentication to SpatiaFi API is done via OAuth 2.0. Due to the secure nature of OAuth 2.0, access tokens are short-lived and must be refreshed periodically.

The Quickstart guide gave an example of generating an access token using your username and password, but because this requires periodically transmitting your password, it is not recommended for production use.

This guide will walk you through the process of generating permanent App Credentials (a client_id and client_secret pair), which can be used to generate access tokens without transmitting your password. In the following walkthrough, we will:

Generate a temporary (~15 minute) access token using your username and password.
Use that access token to generate permanent App Credentials (a client_id and client_secret pair)
Use the App Credentials to generate a new access token.
Finally, we will use the new access token to access the SpatiaFi API.

Example Code

We have provided example code for generating App Credentials in the App Authentication tutorial.

Generate a temporary Access Token

In the panel below, expand the "Security" section and enter your username and password. Then click "Send"!

Generate a Client ID and Client Secret

Using the access token generated above, we can generate permanent App Credentials. Technically, these are called "Client Credentials" in OAuth 2.0, and consist of a client_id and client_secret pair. These are very much like a username and password pair, and should be treated as such.In the panel below, expand the "Security" section and ensure that "Security scheme" is set to OAuth2PasswordBearer. If you Access Token is not automatically populated, copy and paste it from the response above. There is no need to enter anything in the "Body" section.

Please log in above first. We will use the temporary access token to authenticate to this endpoint.

Warning

The client_secret returned above is only shown once, and cannot be retrieved again. Please copy and store it in a secure location.

Use Client ID and Client Secret

Now that we have a client_id and client_secret pair, we can use them to generate a new access token, without transmitting your password (or client_secret).This is done by minting a new JSON Web Token or JWT using the client_id and securely signing it with the client_secret. This is a somewhat complex process to do manually, but we have provided example code in the Manual App Authentication tutorial.

Use Access Token to access API

Now that we have an access token, we can use it to access the SpatiaFi API.

In the panel below, expand the "Security" section and ensure that "Security scheme" is set to OAuth2PasswordBearer.