Request Access Token

PreviousMOOST API Integration NextSynchronize Buildings and Devices

Last updated 5 months ago

Request Access Token

To perform operations with the MOOST API, it is essential to obtain a new access token from the Auth API. This token is required for authenticating and authorizing your requests. The steps to lease a new access token are as follows:

Request a New Token: Send a request to the https://api.moost.io/auth/token/v1 endpoint with the provide client id and client secret to obtain a new access token. This endpoint will issue a token that is valid for 86400 seconds (24 hours).
Use the Token: Include the access token in the Authorization header of your API requests to authenticate them. This token grants access to the API's functionalities as documented.
Token Expiration: Be aware that the access token will expire after 86400 seconds. It is crucial to monitor the token's validity and request a new one before it expires to maintain uninterrupted access to the API.
Refresh the Token: Once the token expires, repeat the process by sending a request to the /auth/token/v1 endpoint to lease a new access token. Ensure this is done promptly to continue using the API services without any interruptions.

By following these steps, you can efficiently manage the access tokens required for seamless interaction with the API.

Auth Token API

Example

API Call with CURL

# use your own id and secret:
CLIENT_ID="6c............................Uo"
CLIENT_SECRET="Df............................................................Ye"

curl -X GET "https://api.moost.io/auth/token/v1?clientId=$CLIENT_ID&clientSecret=$CLIENT_SECRET"

Sample response

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik5EVkNSa0l6T1RBek16RkRRakV3TURBeU1EYzBSRE01TTBJNE5qRTVSamxGUWpKQ1FqQTNNZyJ9.eyJjdXN0b21lcklkIjoiNjU2NzMwYmUyYmM5NzE5ZTZlNWVkNTFkIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLm1vb3N0LmlvLyIsInN1YiI6ImtJaG5FdmJHVXBPU2VGeDYwdFZETkg1QzhFYWJoMzZpQGNsaWVudHMiLCJhdWQiOiJodHRwczovL21vb3N0LWFwaSIsImlhdCI6MTcyMDEwMDE5MywiZXhwIjoxNzIwMTg2NTkzLCJzY29wZSI6InJlYWQ6YnVpbGRpbmdzIHdyaXRlOmJ1aWxkaW5ncyByZWFkOmV2ZW50cyB3cml0ZTpldmVudHMgcmVhZDpwdXNobm90aWZpY2F0aW9ucyB3cml0ZTpwdXNobm90aWZpY2F0aW9ucyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsImF6cCI6ImtJaG5FdmJHVXBPU2VGeDYwdFZETkg1QzhFYWJoMzZpIiwicGVybWlzc2lvbnMiOlsicmVhZDpidWlsZGluZ3MiLCJ3cml0ZTpidWlsZGluZ3MiLCJyZWFkOmV2ZW50cyIsIndyaXRlOmV2ZW50cyIsInJlYWQ6cHVzaG5vdGlmaWNhdGlvbnMiLCJ3cml0ZTpwdXNobm90aWZpY2F0aW9ucyJdfQ.Yp9mZq9n-enmhRB1sm0mUppIECWlHE94qu6pgtyBLPvhl6UMDL-UWNN26eZjhugm003icEQjgXBdVtzljXmXnr2y29xfgflztvdHWmHMO_6Pdx-f_XjcGJjBtF1WgHLiCemr-GXY5wLLXQgFqnTNU6IyUk9fcV7rYPJWP_CwLMawSeB_FcfGATtkXmijHMsX2nZVKAq-_R9uLMgieOBeu9VPhFx6lGGaaUbtXJ3t-P3lvNZJBuz4c1YAiVtcc6s66wbYx2-7Uzd2rOwAPlo-Y2pjk8qmE0CgRlWRf8lg9bk58qIYWHF_Zlef1CUP7A0y7KIN9ymtAp1x0184iiD2dQ",
  "expires_in": 86400,
  "scope": "read:buildings write:buildings read:events write:events read:pushnotifications write:pushnotifications",
  "token_type": "Bearer"
}

You may store the access token in another variable, if you plan to call some MOOST API from the shell:

# use your received access token
ACCESS_TOKEN="eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik5EVkNSa0l6T1RBek16RkRRakV3TURBeU1EYzBSRE01TTBJNE5qRTVSamxGUWpKQ1FqQTNNZyJ9.eyJjdXN0b21lcklkIjoiNjU2NzMwYmUyYmM5NzE5ZTZlNWVkNTFkIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLm1vb3N0LmlvLyIsInN1YiI6ImtJaG5FdmJHVXBPU2VGeDYwdFZETkg1QzhFYWJoMzZpQGNsaWVudHMiLCJhdWQiOiJodHRwczovL21vb3N0LWFwaSIsImlhdCI6MTcyMDEwMDE5MywiZXhwIjoxNzIwMTg2NTkzLCJzY29wZSI6InJlYWQ6YnVpbGRpbmdzIHdyaXRlOmJ1aWxkaW5ncyByZWFkOmV2ZW50cyB3cml0ZTpldmVudHMgcmVhZDpwdXNobm90aWZpY2F0aW9ucyB3cml0ZTpwdXNobm90aWZpY2F0aW9ucyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsImF6cCI6ImtJaG5FdmJHVXBPU2VGeDYwdFZETkg1QzhFYWJoMzZpIiwicGVybWlzc2lvbnMiOlsicmVhZDpidWlsZGluZ3MiLCJ3cml0ZTpidWlsZGluZ3MiLCJyZWFkOmV2ZW50cyIsIndyaXRlOmV2ZW50cyIsInJlYWQ6cHVzaG5vdGlmaWNhdGlvbnMiLCJ3cml0ZTpwdXNobm90aWZpY2F0aW9ucyJdfQ.Yp9mZq9n-enmhRB1sm0mUppIECWlHE94qu6pgtyBLPvhl6UMDL-UWNN26eZjhugm003icEQjgXBdVtzljXmXnr2y29xfgflztvdHWmHMO_6Pdx-f_XjcGJjBtF1WgHLiCemr-GXY5wLLXQgFqnTNU6IyUk9fcV7rYPJWP_CwLMawSeB_FcfGATtkXmijHMsX2nZVKAq-_R9uLMgieOBeu9VPhFx6lGGaaUbtXJ3t-P3lvNZJBuz4c1YAiVtcc6s66wbYx2-7Uzd2rOwAPlo-Y2pjk8qmE0CgRlWRf8lg9bk58qIYWHF_Zlef1CUP7A0y7KIN9ymtAp1x0184iiD2dQ"

PreviousMOOST API Integration NextSynchronize Buildings and Devices

Last updated 5 months ago

Request a New Token: Send a request to the https://api.moost.io/auth/token/v1 endpoint with the provide client id and client secret to obtain a new access token. This endpoint will issue a token that is valid for 86400 seconds (24 hours).
Use the Token: Include the access token in the Authorization header of your API requests to authenticate them. This token grants access to the API's functionalities as documented.
Token Expiration: Be aware that the access token will expire after 86400 seconds. It is crucial to monitor the token's validity and request a new one before it expires to maintain uninterrupted access to the API.
Refresh the Token: Once the token expires, repeat the process by sending a request to the /auth/token/v1 endpoint to lease a new access token. Ensure this is done promptly to continue using the API services without any interruptions.

By following these steps, you can efficiently manage the access tokens required for seamless interaction with the API.

Auth Token API

Example

API Call with CURL

# use your own id and secret:
CLIENT_ID="6c............................Uo"
CLIENT_SECRET="Df............................................................Ye"

curl -X GET "https://api.moost.io/auth/token/v1?clientId=$CLIENT_ID&clientSecret=$CLIENT_SECRET"

Sample response

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik5EVkNSa0l6T1RBek16RkRRakV3TURBeU1EYzBSRE01TTBJNE5qRTVSamxGUWpKQ1FqQTNNZyJ9.eyJjdXN0b21lcklkIjoiNjU2NzMwYmUyYmM5NzE5ZTZlNWVkNTFkIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLm1vb3N0LmlvLyIsInN1YiI6ImtJaG5FdmJHVXBPU2VGeDYwdFZETkg1QzhFYWJoMzZpQGNsaWVudHMiLCJhdWQiOiJodHRwczovL21vb3N0LWFwaSIsImlhdCI6MTcyMDEwMDE5MywiZXhwIjoxNzIwMTg2NTkzLCJzY29wZSI6InJlYWQ6YnVpbGRpbmdzIHdyaXRlOmJ1aWxkaW5ncyByZWFkOmV2ZW50cyB3cml0ZTpldmVudHMgcmVhZDpwdXNobm90aWZpY2F0aW9ucyB3cml0ZTpwdXNobm90aWZpY2F0aW9ucyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsImF6cCI6ImtJaG5FdmJHVXBPU2VGeDYwdFZETkg1QzhFYWJoMzZpIiwicGVybWlzc2lvbnMiOlsicmVhZDpidWlsZGluZ3MiLCJ3cml0ZTpidWlsZGluZ3MiLCJyZWFkOmV2ZW50cyIsIndyaXRlOmV2ZW50cyIsInJlYWQ6cHVzaG5vdGlmaWNhdGlvbnMiLCJ3cml0ZTpwdXNobm90aWZpY2F0aW9ucyJdfQ.Yp9mZq9n-enmhRB1sm0mUppIECWlHE94qu6pgtyBLPvhl6UMDL-UWNN26eZjhugm003icEQjgXBdVtzljXmXnr2y29xfgflztvdHWmHMO_6Pdx-f_XjcGJjBtF1WgHLiCemr-GXY5wLLXQgFqnTNU6IyUk9fcV7rYPJWP_CwLMawSeB_FcfGATtkXmijHMsX2nZVKAq-_R9uLMgieOBeu9VPhFx6lGGaaUbtXJ3t-P3lvNZJBuz4c1YAiVtcc6s66wbYx2-7Uzd2rOwAPlo-Y2pjk8qmE0CgRlWRf8lg9bk58qIYWHF_Zlef1CUP7A0y7KIN9ymtAp1x0184iiD2dQ",
  "expires_in": 86400,
  "scope": "read:buildings write:buildings read:events write:events read:pushnotifications write:pushnotifications",
  "token_type": "Bearer"
}

You may store the access token in another variable, if you plan to call some MOOST API from the shell:

# use your received access token
ACCESS_TOKEN="eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik5EVkNSa0l6T1RBek16RkRRakV3TURBeU1EYzBSRE01TTBJNE5qRTVSamxGUWpKQ1FqQTNNZyJ9.eyJjdXN0b21lcklkIjoiNjU2NzMwYmUyYmM5NzE5ZTZlNWVkNTFkIiwiaXNzIjoiaHR0cHM6Ly9hdXRoLm1vb3N0LmlvLyIsInN1YiI6ImtJaG5FdmJHVXBPU2VGeDYwdFZETkg1QzhFYWJoMzZpQGNsaWVudHMiLCJhdWQiOiJodHRwczovL21vb3N0LWFwaSIsImlhdCI6MTcyMDEwMDE5MywiZXhwIjoxNzIwMTg2NTkzLCJzY29wZSI6InJlYWQ6YnVpbGRpbmdzIHdyaXRlOmJ1aWxkaW5ncyByZWFkOmV2ZW50cyB3cml0ZTpldmVudHMgcmVhZDpwdXNobm90aWZpY2F0aW9ucyB3cml0ZTpwdXNobm90aWZpY2F0aW9ucyIsImd0eSI6ImNsaWVudC1jcmVkZW50aWFscyIsImF6cCI6ImtJaG5FdmJHVXBPU2VGeDYwdFZETkg1QzhFYWJoMzZpIiwicGVybWlzc2lvbnMiOlsicmVhZDpidWlsZGluZ3MiLCJ3cml0ZTpidWlsZGluZ3MiLCJyZWFkOmV2ZW50cyIsIndyaXRlOmV2ZW50cyIsInJlYWQ6cHVzaG5vdGlmaWNhdGlvbnMiLCJ3cml0ZTpwdXNobm90aWZpY2F0aW9ucyJdfQ.Yp9mZq9n-enmhRB1sm0mUppIECWlHE94qu6pgtyBLPvhl6UMDL-UWNN26eZjhugm003icEQjgXBdVtzljXmXnr2y29xfgflztvdHWmHMO_6Pdx-f_XjcGJjBtF1WgHLiCemr-GXY5wLLXQgFqnTNU6IyUk9fcV7rYPJWP_CwLMawSeB_FcfGATtkXmijHMsX2nZVKAq-_R9uLMgieOBeu9VPhFx6lGGaaUbtXJ3t-P3lvNZJBuz4c1YAiVtcc6s66wbYx2-7Uzd2rOwAPlo-Y2pjk8qmE0CgRlWRf8lg9bk58qIYWHF_Zlef1CUP7A0y7KIN9ymtAp1x0184iiD2dQ"

Receive a new access token

get

Authorizations

Query parameters

clientIdstringRequiredPattern: ^[a-zA-Z0-9]{1,100}$

clientSecretstringRequiredPattern: ^[a-zA-Z0-9_-]{1,100}$

Responses

200

Success. Valid access token obtained.

application/json

401

Unauthorized. Client id or secret is invalid.

500

Server error. Failed to obtain a valid access token.

get

GET /auth/token/v1 HTTP/1.1
Host: api.moost.io
Authorization: Bearer JWT
Accept: */*

{
  "access_token": "text",
  "expires_in": 1,
  "scope": "text",
  "token_type": "Bearer"
}