Clients of the WoTKit API include third partly applications, sensor gateways, and scripts.
You can manage the access these clients have to your sensor data and remove the need for external clients to share your personal WoTKit name and password in one of two ways:
Once granted access, WoTKit clients can create, modify, or delete sensors and sensor data on your behalf.
A user can generate a key id and key password for WoTKit API clients as follows:
The generated ‘key id’ and ‘key password’ can be used as the name and password in the basic authentication headers used when accessing the WoTKit API.
Applications are clients of the WoTKit that can access the WoTKit API on behalf of more than one user. Application credentials provided during the registration process are unique to that application. All applications appear in the WoTKit application list. They can connect to the WoTKit on behalf of a WoTKit user using the OAuth2 authorization process.
To register a new WoTKit application:
Using the supplied ‘application client id’ and ‘application secret’ applications obtain an access token to access WoTKit sensors on behalf of a user.
For an application to obtain an access token it requests authorization.
The application first requests an authorization code by providing its ‘application client id’ to the WoTKit using its OAuth2 endpoint:
If no user is currently logged in to the WoTKit, a login page will be presented. A WoTKit user must provide their user name and password to continue.
A page will then ask the user to authorize the application to connect to the WoTKit on their behalf. Once authorized, the authorization code is provided to the application by redirection.
The application receives the authorization code and exchanges it along with the application credentials for an access token to use the WoTKit API.
Please see the API Documentation and in particular Authentication for more details.