Authentication
Last updated
You can use the API to send and receive data from TilliT, allowing you to integrate other solutions with TilliT. Every request must be sent over an HTTPS connection and must carry an Authorization header using either the Basic or the Bearer token scheme; requests without a valid header are rejected.
To start, you will need to set up an account. The API cannot use Single Sign-On (SSO), so you must create a dedicated account in TilliT for it.
With an existing account, navigate to Users -> Manage -> Actions -> Create
Fill out the form with the following, where EMAIL should be a secure company email address and the user groups and site should include every group and site the integration needs. Do not use a personal email address for your API user.
You will receive an email to confirm your account; follow the steps in it to create the password you will use to authenticate with.
Using the service account, you will need to build the appropriate Authorization header. Choose either the Basic or the Bearer authentication method.
Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with an Authorization header whose value is the word Basic, followed by a space and the base64 encoding of the string username:password. For example, to authorize as demo / p@55w0rd, the client would send an Authorization header of the form Basic followed by the base64 encoding of demo:p@55w0rd.
Because base64 is an encoding rather than encryption, anyone who can read the header can recover the password by decoding it. Basic authentication must therefore only be used over HTTPS (TLS), and the encoded value must be treated with the same care as the password itself.
Check out the Swagger documents to learn more.
To apply the above to TilliT, it is important to know that a TilliT username is composed as follows, replacing username and tenant with your own values.
We can easily create our base64-encoded string using the following command in a terminal window
Using the result from this command, we can now complete our first request to the TilliT API and retrieve all sites
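As an added example (not code from the TilliT documentation), the shell functions below build the Basic credential for the demo / p@55w0rd pair used above, show the trailing-newline mistake that echo introduces, and decode a header back to the plaintext password. The TilliT username format and the sites endpoint are not reproduced here: pass the composed username as the first argument, and take the URL from the Swagger documents; the host and path in the usage comment are placeholders, and the coreutils base64 command is assumed to be available.

```shell
# Added example, not from the TilliT documentation. Assumes a POSIX shell and
# the coreutils `base64` command. Pass the fully composed TilliT username as
# the first argument; the username format is documented separately.

# Correct form: printf writes exactly "user:pass" with no trailing newline,
# and tr strips the line wrapping some base64 implementations insert.
basic_auth_value() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Common mistake: echo appends a newline, so what gets encoded is
# "user:pass\n". The server decodes a password ending in a newline and
# rejects the request, which is hard to spot because the header looks fine.
basic_auth_value_with_echo_bug() {
  echo "$1:$2" | base64 | tr -d '\n'
}

# Full header line, ready to pass to curl -H.
basic_auth_header() {
  printf 'Authorization: Basic %s' "$(basic_auth_value "$1" "$2")"
}

# Reverse the encoding. Accepts "Authorization: Basic X" or just "Basic X".
# This is why Basic credentials must only travel over HTTPS: anyone who sees
# the header (a proxy log, a captured request) gets the password without a key.
decode_basic_header() {
  printf '%s' "${1#Authorization: }" | sed 's/^Basic //' | base64 -d
}

# Usage (placeholder host and path; take the real ones from the Swagger docs):
#   curl -sS -H "$(basic_auth_header 'demo' 'p@55w0rd')" \
#        "https://<tillit-host>/<sites endpoint>"
```

The difference between the two encoders is a single byte, but it is the most common reason a hand-built Basic header is rejected while the same password works in the browser.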
Bearer authentication (also called token authentication) is an HTTP authentication scheme that uses security tokens called bearer tokens. The name "Bearer authentication" can be understood as "give access to the bearer of this token": whoever presents the token is granted access, with no further proof of identity. The bearer token is an opaque string, usually generated by the server in response to a login request. The client must send this token in the Authorization header, prefixed with the word Bearer and a space, when making requests to protected resources.
The Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750, but is sometimes also used on its own. As with Basic authentication, Bearer authentication should only be used over HTTPS (TLS), and because possession of the token is all that is required, the token must be stored and handled as a secret.
Check out the Swagger documents to learn more.