API Authentication

To make requests to the API a Bearer JWT token will need to be generated and attached to every API request.

Client Credentials

A Client ID and a Client Secret will be provided to you during Partner and Scanning devices on boarding.

Keep the Client Secret stored securely

Using the provided Client ID and Client Secret make a request to https://auth.prismlabs.tech/oauth/token to generate a Bearer token to be used when making request to Prism API.

Sandbox vs. Production

The url to generate the access token will always be https://auth.prismlabs.tech/oauth/token.

The audience value will change depending on environment:

https://sandbox-api.prismlabs.tech/ when using sandbox credentials
https://api.prismlabs.tech/ when using production credentials

curl --location --request POST 'https://auth.prismlabs.tech/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=PARTNER_CLIENT_ID' \
--data-urlencode 'client_secret=PARTNER_CLIENT_SECRET' \
--data-urlencode 'audience=https://sandbox-api.prismlabs.tech/'

var request = require('request');
var options = {
  'method': 'POST',
  'url': 'https://auth.prismlabs.tech/oauth/token',
  'headers': {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
  form: {
    'grant_type': 'client_credentials',
    'client_id': 'PARTNER_CLIENT_ID',
    'client_secret': 'PARTNER_CLIENT_ID',
    'audience': 'https://api.prismlabs.tech/'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import http.client

conn = http.client.HTTPSConnection("auth.prismlabs.tech")
payload = 'grant_type=client_credentials&client_id=PARTNER_CLIENT_ID&client_secret=PARTNER_CLIENT_SECRET&audience=https%3A%2F%2Fapi.prismlabs.tech%2F'
headers = {
  'Content-Type': 'application/x-www-form-urlencoded',
}
conn.request("POST", "/oauth/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

{
    "access_token": "GENERATED_ACCESS_TOKEN",
    "scope": "AUTHORIZED_SCOPES",
    "expires_in": 86400,
    "token_type": "Bearer"
}

Extract and cache the access_token until it expires for requests to the API. Failure to cache may result in additional costs or revoking access to Prism API.

From now on, every time you make a call to our API endpoints attach the cached access_token as a Bearer token to the Authorization header. 'Authorization: Bearer GENERATED_ACCESS_TOKEN'

Below you can find sample code for an example of creating a new user via the /users endpoint:

curl --location --request POST 'https://sandbox-api.prismlabs.tech/users' \
--header 'Accept: application/json;v=1' \
--header 'Authorization: Bearer GENERATED_ACCESS_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
    "sex": "male",
    "region": "north_america",
    "birthYear": 1950,
    "weight": {
        "value": 275,
        "unit": "lb"
    }
}'

var request = require('request');
var options = {
  'method': 'POST',
  'url': 'https://sandbox-api.prismlabs.tech/users',
  'headers': {
    'Accept': 'application/json;v=1',
    'Authorization': 'Bearer GENERATED_ACCESS_TOKEN',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    "sex": "male",
    "region": "north_america",
    "birthYear": 1950,
    "weight": {
      "value": 275,
      "unit": "lb"
    }
  })

};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

import http.client
import json

conn = http.client.HTTPSConnection("sandbox-api.prismlabs.tech")
payload = json.dumps({
  "sex": "male",
  "region": "north_america",
  "birthYear": 1950,
  "weight": {
    "value": 275,
    "unit": "lb"
  }
})
headers = {
  'Accept': 'application/json;v=1',
  'Authorization': 'Bearer GENERATED_ACCESS_TOKEN',
  'Content-Type': 'application/json'
}
conn.request("POST", "/users", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))

Note: that the Accept header requires a version number application/json;v=1

PreviousPartner & scanning devices onboarding NextAPI Version

Last updated 6 months ago