#
Authentication
This topic will cover:
- Authentication to API resources.
- Authentication to MQTT broker.
Please pay attention to the following important about the authentication method in SAM Element IoT platform:
- The authentication method adopts JWT (JSON Web Token) authentication. Please refer to https://jwt.io for more information about JWT format.
- You will need your API username and password generated on the API page in your developer account to create JWT token.
- There are 2 types of tokens based on their user:
developer tokenanduser token. - There are 2 types of tokens based on their functionality:
refresh tokenandaccess token. - The life span of refresh token is
180 days. - The life span of access token is
12 hours. - Authentication server address is https://iot.samelement.com/auth
The figure below explain how to obtain your developer refresh token and access token:
The figure below explain how to obtain your user refresh token and access token:
Warning
Please follow the Best Practice to avoid security breach:
- Only when access token has been expired or near expire, use refresh token to obtain new access token.
- Only when refresh token has been expired or near expire, use username and password to obtain new tokens.
- Use developer access token to access API resources available for developers.
- Use user access token to access API resources available for end users.
- Please refer to developers API for App for complete instruction on how to use the access token for app.
- Please refer to developers API for Device for complete instruction on how to use the access token for device.
The following figure is generally used of access token. For detail please refer to the related API documentation:
