Skip to content

Token Management Service – Samples

Getting a Token to Access Customer IoT Data

Use the following endpoint:

1
POST api/technicaltokenmanager/v3/oauth/token

Define the following header keys, replace <X-SPACE-AUTH-KEY> with your authorization key, which is generated as explained below:

1
2
Content-Type: application/json
X-SPACE-AUTH-KEY : <X-SPACE-AUTH-KEY>

Generating the X-SPACE-AUTH-KEY

  1. Encode the following combination of user name/ID and password/secret using Base64:

    1
    <client_id>:<client_secret>
    
  2. Build the <X-SPACE-AUTH-KEY> using the word Basic, followed by a space and the encoding result, e.g.:

    1
    X-SPACE-AUTH-KEY : Basic <ZGlvcDEtaGVybWlvbmUtaGVybWlvbmU6c2RqaGZhc2RqaGZqYXNkaGZqa2FzZGhmams=>
    

Request example:

1
2
3
4
5
6
{
  "appName": "testapplication",
  "appVersion": "1.0.0",
  "hostTenant": "testhosttenant1",
  "userTenant": "testusertenant1"
}

Sample response:

1
2
3
4
5
6
7
{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS1pZC0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiI4NjhhOTViYmJkZGM0ZmQ4YTU3ZTM0MGMyYmI3ZWJiNiIsInN1YiI6InNuZC1jbGllbnQiLCJzY29wZSI6WyJkZXAuZG93biIsImdyLnUiLCJwdHMuc2kiLCJkZXAuYWQiLCJ0bS50LnIiLCJkZXAuZHJlZyIsImdyLmMiLCJpbS5nLmQiLCJnci5kIiwiaW0uZy5jIiwiYXZzLnZhbCIsImNkcy5yIiwibm9zZS5zZSIsInJlcC5yIiwicmVwLnN1IiwiY2RzLnciLCJjZkFwcHMubWwiLCJnci5yIiwiY3N0LnIiLCJwdWIuciIsImltLmcuciIsInJlcC5kb3duIiwicHJ2LmcudSIsInBydi5nLnIiLCJpbS5nLnUiLCJwdWIucHQiLCJhdnMuY2tzLmNwIiwiaWFtLWFjdGlvbi5jbGllbnRfY3JlZGVudGlhbHMudGVuYW50LWltcGVyc29uYXRpb24iLCJwcnYuZy5kIiwicHJ2LmcuYyIsImRlcC5yZWciLCJwdWIucGEiLCJkZXAudXBnIiwicmVwLnVwIiwicHRzLnV0IiwicHViLnN1IiwicmVwLm11IiwiY2ZBcHBzLnNvIiwiZGVwLnVyZWciLCJjZkFwcHMuc3MiLCJkZXAuYXVkIiwicmVwLnV2IiwidXRzLnN1IiwicHRzLnBjIiwicHJ2LnIiLCJjZkFwcHMuYXIiLCJyZXAuYXAiLCJwcnYuYyIsInJlcC52dSJdLCJjbGllbnRfaWQiOiJzbmQtY2xpZW50IiwiY2lkIjoic25kLWNsaWVudCIsImF6cCI6InNuZC1jbGllbnQiLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwicmV2X3NpZyI6IjZmZjVlMDkwIiwiaWF0IjoxNTQyODY0NjYzLCJleHAiOjE1NDI4NjY0NjMsImlzcyI6Imh0dHBzOi8vY29yZS5waWFtLmV1MS1pbnQubWluZHNwaGVyZS5pby9vYXV0aC90b2tlbiIsInppZCI6ImNvcmUiLCJhdWQiOlsibm9zZSIsImNzdCIsImlhbS1hY3Rpb24uY2xpZW50X2NyZWRlbnRpYWxzIiwic25kLWNsaWVudCIsInRtLnQiLCJnciIsImltLmciLCJkZXAiLCJwdHMiLCJwcnYuZyIsImNkcyIsInV0cyIsInBydiIsImF2cy5ja3MiLCJjZkFwcHMiLCJyZXAiLCJwdWIiLCJhdnMiXSwidGVuIjoiY29yZSIsInNjaGVtYXMiOlsidXJuOnNpZW1lbnM6bWluZHNwaGVyZTppYW06djEiXSwiY2F0IjoiY2xpZW50LXRva2VuOnYxIn0.eClNyplodSUU9MFJS2eM-Mc_pU2niRCDtEGZARxrq0UhseZ4DbqMwOIW4wEFqqBvNN-mdYS6XumnnFDn4IFEnJyM0DNcCzTucjqVS4RicRsa8lKFODSdQs1wO7FOETDR0_4QHFFvhB54WEsDDzlint67dhZN44nVdM2KLNJ9wkt949MWJtUZy1VrJNz-pRq_F-5Nvh6ZCA0E_DAmCEcyR0wrxY3A2QfZhYneh8VnkTPknWOtPFdpmWp7IXfNrUmiNRMI7EwY9HNTQ4GZsGkZhDdpOOrDIxZkDfTfoUgaLGtzEX8RtLUXPmE2W3e-LLkPGpsYDlN18_88sePWGjacDQ",
    "token_type": "bearer",
    "expires_in": 1799,
    "scope": "dep.down gr.u pts.si dep.ad tm.t.r dep.dreg gr.c im.g.d gr.d im.g.c avs.val cds.r nose.se rep.r rep.su cds.w cfApps.ml gr.r cst.r pub.r im.g.r rep.down prv.g.u prv.g.r im.g.u pub.pt avs.cks.cp iam-action.client_credentials.tenant-impersonation prv.g.d prv.g.c dep.reg pub.pa dep.upg rep.up pts.ut pub.su rep.mu cfApps.so dep.ureg cfApps.ss dep.aud rep.uv uts.su pts.pc prv.r cfApps.ar rep.ap prv.c rep.vu",
    "jti": "868a95bbbddc4fd8a57e340c2bb7ebb6"
}

Best Practices to Issue Tokens

  • Cache tokens and only issue a new one if they expire.
    Although the Token Manager API provides caching, it is recommended to implement your own caching to overcome the network latency on the request round trip.
  • Do not expose tokens via endpoints.
  • Do not print the service credentials in the application log.

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.