Cloud API

The Afero Platform exposes a significant range of functionality via a RESTful API set, accessed via HTTP using TLS. Examples include: listing users and devices, obtaining real-time status information, and acting on devices.

At this time, the Afero Cloud API is being made available in a limited form and should be considered early access. For now, error handling is very basic. You should not assume that the API documented here will remain unchanged in the future; no guarantee is made that the format of the API, the specific endpoints, the specific commands, or data made accessible will be continued in future versions. However, you can assume that the API will be expanded in the future, and you should assume that your feedback will be taken into account as the API develops.


API Access

Once you have created your account and have signed in to the Afero Profile Editor, your authentication credentials will be available to you.

The base URL for the Afero API is https://api.afero.io.

Security

Afero API is secure. All Afero API requests must be made over SSL, and must be authenticated using an OAuth 2.0 access key. (To read more, go to OAuth.net documentation). This means your data is safe, but also means you must perform a couple of security-related steps when you use the API, described in the sections below.

One-Time Setup

Sign in to the Afero Profile Editor and open the View > Account Info window (example shown below). From this Account Information window, you can view your “OAuth Client ID” and “OAuth Client Secret”, which you will need to authenticate requests on behalf of the end-user. These credentials should not be shared with untrusted parties!

Account Information

For Each Communication Session

  1. Initiate communication with the API server by requesting an OAuth 2.0 access key, providing your OAuth Client ID and OAuth Client Secret. This step is shown in the first API example in the next section.
  2. Afero responds with an access key, which will expire after approximately four hours.
  3. Include the access key in all HTTP requests to the API endpoints as an Authorization header, as shown in examples in the next section.