Hapn API authentication uses a Bearer token as a way to secure API endpoints. It is based on the OAuth 2.0 protocol and involves exchanging a token between the client and the server to authenticate the client's access to protected resources.

In order to issue requests to the API, you must receive your clientId and clientSecret from customer success.

Receiving an Authorization Token

To use a bearer token you need to obtain a valid token first. This is done by sending a request to the authorization server with the client credentials. The url for the authorization server is https://auth.usehapn.com/oauth2/token

Contact our customer success team to request API access credentials.

Issue a request to the following endpoint to receive a bearer token:

curl --location --request POST 'https://auth.usehapn.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials&client_id=CLIENT_ID&client_secret=CLIENT_SECRET'

Replace <CLIENT_ID> and <CLIENT_SECRET> with the actual API credentials provisioned by the Customer Success team.

Response:

{
    "access_token": "ACCESS_TOKEN"
    "token_type": "Bearer",
    "expires_in": 3600
}

This token is valid for one hour.

Including the Bearer Token in the Request

Once you have obtained a bearer token, you need to include it in the Authorization header of the HTTP request to access protected resources. To do this, add the following header to your request:

Authorization: Bearer <ACCESS_TOKEN>

Sample request using a Bearer token:

curl --request GET \
     --url https://api.iotgps.io/v1/devices \
     --header 'Authorization: Bearer ACCESS_TOKEN' \
     --header 'Accept: application/json'

Replace <ACCESS_TOKEN> with the actual token value obtained.

🔐 Tips for Using Bearer Tokens

A Bearer token should be treated as confidential information and not shared with anyone.
Bearer tokens have a limited lifespan of 1 hour, which means that they expire after a this period of time. It is important to obtain a new token when the old one expires. This ensures that you always have a valid token to use when making API calls. Failing to obtain a new token could result in authentication errors.
You can request a new Bearer token before the previously issued token has expired