Authenticate your OAuth2 Client on the REST API

If you have chosen to connect from your machine or device to graphicx on the REST API, please use the following explanations to complete the authentication of your client. The "client" can be any IoT device (machine, device, plant, plant module, etc.), an IoT gateway, a server-side component of yours, a mobile app or similar. We use the OAuth2 Internet standard for authentication and authorization on the REST API.

Obtain your access token

To authenticate on the REST API, your client needs to obtain an access token using an OAuth2 Grant Type. Depending on the configuration in our cloud, it may also be provided with a refresh token.

Choose your Grant Type

OAuth2 distinguishes authentication with and without a user context. In our case, if a user takes part in the interaction, as for example in a mobile app, the Grant Type "password" must be used. If there is no direct user interaction, as is usually the case with IoT devices installed at an industrial site, the Grant Type "client_credentials" must be used.

Optionally obtain a refresh token

If your client is also provided with a refresh token, it can use that token to obtain a fresh access token with the Grant Type "refresh_token" until the refresh token has expired. With OAuth2, the use of TLS (https/http2) to secure connections is mandatory. Even so, if your client has been provided with a refresh token, it is always a good idea to actually use it, because it reduces the number of requests in which credentials are transported over the connection.

Note that if your client is a mobile app and a remember-me function is desired, we can provide long-lived refresh tokens. Such a function should of course only be made available if the mobile device on which an instance of your mobile app is running is currently secured via credentials (PIN, fingerprint, facial recognition, etc.).

Route, Request Headers and Request Body

In this quickstart guide we assume the Grant Type "client_credentials" is used.

Please derive the route, request headers and request body from the following curl example. The backslash character at the end of a line is the line continuation character commonly used to fit listings on a page. It is also a good idea to have another look at the standard specification.

curl -u "${client_name}:${client_secret}" -X POST \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  "https://${hostname}/api/v2/user-manager/oauth/token"

  1. Please write an e-mail to credentials@nexocraft.de to request your credentials.
  2. Please replace ${client_name} and ${client_secret} with the credentials we sent to you.
  3. ${hostname} is part of the endpoint; please replace it with the hostname we sent to you.
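
The following Python sketch is an added example, not code from this guide or its vendor. It shows how a client can cache the access token, renew it with the Grant Type "refresh_token" when a refresh token was provided, and fall back to "client_credentials" only when it has to. The names TokenManager, send, clock and demo, the host cloud.example and the 30-second renewal margin are assumptions; the response fields access_token, expires_in and refresh_token are the standard OAuth2 ones.

```python
import base64
import time
import urllib.parse

TOKEN_PATH = "/api/v2/user-manager/oauth/token"  # route from the curl example

class TokenManager:
    """Cache the access token; prefer the refresh token over a new credential grant."""
    def __init__(self, hostname, client_name, client_secret, send, clock=time.time):
        self.url = f"https://{hostname}{TOKEN_PATH}"  # TLS only, never http://
        basic = base64.b64encode(f"{client_name}:{client_secret}".encode()).decode()
        # Assumption: the endpoint expects client authentication on every grant.
        self.headers = {"Authorization": f"Basic {basic}",
                        "Content-Type": "application/x-www-form-urlencoded"}
        self.send, self.clock = send, clock  # send(url, headers, body) -> (status, dict)
        self.access, self.refresh, self.expires_at = None, None, 0.0

    def _grant(self, **form):
        status, data = self.send(self.url, self.headers, urllib.parse.urlencode(form))
        if status != 200 or "access_token" not in data:
            return False
        self.access = data["access_token"]
        # Renew 30 s before expiry (the margin is an assumption of this example).
        self.expires_at = self.clock() + int(data.get("expires_in", 0)) - 30
        self.refresh = data.get("refresh_token", self.refresh)
        return True

    def token(self):
        if self.access and self.clock() < self.expires_at:
            return self.access  # still valid: no request is sent at all
        if self.refresh and self._grant(grant_type="refresh_token",
                                        refresh_token=self.refresh):
            return self.access
        self.refresh = None  # missing, expired or rejected refresh token
        if not self._grant(grant_type="client_credentials"):
            raise RuntimeError("token request failed")
        return self.access

def demo():
    """Constructed offline run against a fake endpoint; returns the grant types used."""
    used, now = [], [0.0]
    def fake_send(url, headers, body):
        form = dict(urllib.parse.parse_qsl(body))
        used.append(form["grant_type"])
        return 200, {"access_token": f"at{len(used)}", "expires_in": 300, "refresh_token": "rt"}
    tm = TokenManager("cloud.example", "demo-client", "demo-secret", fake_send, lambda: now[0])
    first, cached = tm.token(), tm.token()  # second call is served from the cache
    now[0] = 400.0                          # the access token has expired by now
    tm.token()
    return used  # ['client_credentials', 'refresh_token']
```

In a real client, pass a send function that performs the HTTPS POST with certificate verification enabled and returns the status code together with the parsed JSON body.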

Next step: Start your data collection via REST API
