Skip to main content

API access

Accessing the API Using OAuth Client Credentials Flow

Our API provides access using the OAuth Client Credentials flow for server-to-server authentication. This feature is currently offered as part of our early access program.

Early Access: Requesting Client Credentials

To obtain your client credentials (client ID and client secret), which are required for the OAuth Client Credentials flow, please send an email request to info@fyma.ai with the following details:

  • Your name and organization
  • A brief description of your intended use case
  • Your contact information for follow-up

After verifying your information, we will provide you with a unique client ID and secret.

Step 1: Obtain an Access Token

With your client credentials in hand, you can request an access token using the following HTTPie command:

http https://auth.fyma.ai/oauth/token \
  grant_type=client_credentials \
  audience=https://api.fyma.ai \
  client_id=<YOUR_CLIENT_ID> \
  client_secret=<YOUR_CLIENT_SECRET>

Replace <YOUR_CLIENT_ID> and <YOUR_CLIENT_SECRET> with the client credentials provided to you. A successful response will include the access token:

{
  "access_token": "ACCESS_TOKEN",
  "token_type": "Bearer",
  "expires_in": 86400
}

Step 2: Access the API

To access the API, include the Authorization header with the bearer token in your HTTP requests:

http https://api.fyma.ai/tracking-cameras "Authorization: Bearer ACCESS_TOKEN"

Be sure to replace ACCESS_TOKEN with the actual access token you obtained.

Step 3: Handle Token Expiration

Access tokens are limited to a certain lifespan for security purposes. If your token expires, as indicated by a 401 Unauthorized response to your API request, obtain a new token by repeating Step 1.

Please note, there is a daily limit on the number of access tokens that can be issued. If you find you are frequently needing new access tokens within a single day, consider caching and reusing tokens for multiple requests wherever possible.

Security Considerations

  • Securely store your clients' ID and secret to prevent unauthorized access.
  • Always use HTTPS to make API requests.
  • Validate the API's SSL certificates to avoid potential security risks.

Support

If you have any questions or need assistance with the OAuth Client Credentials flow or other aspects of the API, please reach out to our support team at info@fyma.com.

Legacy tokens

Legacy token authentication is currently only supported for existing tokens. You can use them via basic auth by entering token ID as a username and token secret as a password.

http -a token-id:token-secret https://api.fyma.ai/tracking-cameras