Authentication
Accessing the API Using OAuth Client Credentials Flow
Our API provides access using the OAuth Client Credentials flow for server-to-server authentication. This feature is currently offered as part of our early access program.
Early Access: Requesting Client Credentials
To obtain your client credentials (client ID and client secret), which are required for the OAuth Client Credentials flow, please send an email request to info@fyma.ai with the following details:
- Your name and organization
- A brief description of your intended use case
- Your contact information for follow-up
After verifying your information, we will provide you with a unique client ID and secret.
Step 1: Obtain an Access Token
With your client credentials in hand, you can request an access token using the following HTTPie command:
http https://auth.fyma.ai/oauth/token \
grant_type=client_credentials \
audience=https://api.fyma.ai \
client_id=<YOUR_CLIENT_ID> \
client_secret=<YOUR_CLIENT_SECRET>
Replace <YOUR_CLIENT_ID>
and <YOUR_CLIENT_SECRET>
with the client credentials provided to you. A successful response will include the access token:
{
"access_token": "ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 86400
}
Step 2: Access the API
To access the API, include the Authorization
header with the bearer token in your HTTP requests:
http https://api.fyma.ai/tracking-cameras "Authorization: Bearer ACCESS_TOKEN"
Be sure to replace ACCESS_TOKEN
with the actual access token you obtained.
Step 3: Handle Token Expiration
Access tokens are limited to a certain lifespan for security purposes. If your token expires, as indicated by a 401 Unauthorized
response to your API request, obtain a new token by repeating Step 1.
Please note, there is a daily limit on the number of access tokens that can be issued. If you find you are frequently needing new access tokens within a single day, consider caching and reusing tokens for multiple requests wherever possible.
Security Considerations
- Securely store your clients' ID and secret to prevent unauthorized access.
- Always use HTTPS to make API requests.
- Validate the API's SSL certificates to avoid potential security risks.
Support
If you have any questions or need assistance with the OAuth Client Credentials flow or other aspects of the API, please reach out to our support team at info@fyma.com.
Legacy tokens
Legacy token authentication is currently only supported for existing tokens. You can use them via basic auth by entering token ID as a username and token secret as a password.
http -a token-id:token-secret https://api.fyma.ai/tracking-cameras