Authentication

Via user

Some protected API routes are secured with a bearer token. To access such a route, an "Authorization" header has to be appended with the content "Bearer <token>". A valid token can be retrieved by calling the login API. The following routes are affected:

  • /api/v2/my/products

  • /api/v2/my/products/apps

  • /api/v2/my/subscrptions

In addition you can use this to activate your device. See #activate-device-via-user-license for details.

Via session id

Some protected API routes require a session id. To access such a route, an "X-Session-Id" header has to be appended with the session id as the content. For getting a session id see Acquiring a session id. The following routes are affected:

  • /api/v2/device/license/validate

  • /api/v2/manifests/{app}/{version}

  • /api/v2/tokens

Acquiring a session id

A successful device activation produces an initial session id which you can use to authenticate API calls. After some time the session id will expire. The console will set a currently valid session id in the "X-Session-Id" header of all responses on routes that require a session id for authentication. You should inspect the session id of all responses and switch to the new session id as soon as it changes.

Device activation

There are two ways to activate your device which will be explained in the following.

Activate device via user

Activating a device via a user consumes a license which can not be used again

The route /api/v2/device/license/activate can be used to activate your device by providing an "Authorization" header as seen in Via user. On successful activation the console will respond with a valid session id and a license key. Put your license key somewhere save as you can reactivate your device via this license key if you lose your session id (e.g. after your device was factory reset). See Activate device via license key.

Activate device via license key

The route /api/v2/device/license/activate can be used to activate your device by providing a license key in the request body. On successful activation the console will respond with a valid session id and a license key. This license key can be used to reactivate your device in case you lose your session id, but this will invalidate the previously used session id.

Last updated