API
Documentation
  • Welcome!
  • REST API
    • Overview
    • Authentication
    • Swagger docs
    • Query an endpoint
    • Filter query results
    • Handling timestamps
    • Backward compatibility
    • Exporting Data using ODATA
    • Power BI Incremental refresh
    • Data Lake Transfer Gateway
    • EXAMPLES
      • Upload production schedule
      • Find all Running Orders
      • Interact with the Order Lifecycle
      • Consume and Submit an Activity
      • Raise an Event in TilliT
  • MQTT API
    • Overview
    • Connect to the TilliT Broker
    • Subscribe to a TilliT Topic
    • Setting a MQTT Integration
    • Publish Timeseries
    • Publish Order Progress
  • Activity API
    • Overview
    • JavaScript Basics
    • Using $scope and OnLoad Scripts
    • JavaScript Object Schema
  • Release Notes
    • 2024
      • April
Powered by GitBook
On this page
  • Overview
  • Create a Service Account in TilliT
  • Authenticating your requests
  • BASIC Authentication
  • BEARER Authentication
  1. REST API

Authentication

PreviousOverviewNextSwagger docs

Last updated 9 months ago

Overview

You can use the API to send and receive data from TilliT, allowing you to integrate other solutions with TilliT. To ensure your endpoint is secure, every request is authenticated over a HTTPS connection with either a Basic or Bearer Token Authorization header.

To start, you will need to setup an account. The API cannot use Single Sign On (SSO), so you must create an account in TilliT.

Create a Service Account in TilliT

  1. With an existing account, navigate to Users -> Manage -> Actions -> Create

  2. Fill out the form with the following, where EMAIL should be a secure company email and user groups and site should be assigned to all those applicable. Do not use a personal email for your API User.

  1. You will receive an email to confirm your account, follow the steps to create the password you will use to authenticate with.

Authenticating your requests

Using the service account, you will need to create the appropriate Authorization header. Choose either BASIC or BEARER authentication methods.

BASIC Authentication

Authorization:Basic ZGVtbzpwQDU1dzByZA==

Because base64 is easily decoded, Basic authentication should only be used together with other security mechanisms such as HTTPS/SSL.

Checkout the Swagger documents to learn more.

  1. To apply the above knowledge to TilliT, it is important to know that a TilliT username is compose via the following, replacing username and tenant.

{username}@{tenant}.tillit.cloud
	
  1. We can easily create our base64-encoded string using the following command in a terminal window

echo 'username@tenant.tillit.cloud:password' | base64
	
  1. Using the result from this command, we can now complete our first request to the TilliT API and retrieve all sites

curl -H 'Authorization:Basic <ENCODED_TEXT>' https://tillit.cloud/api/core/sites
	

BEARER Authentication

Authorization:Bearer <token>

Checkout the Swagger documents to learn more.

is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password. For example, to authorize as demo / p@55w0rd the client would send

Bearer authentication (also called token authentication) is an that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as “give access to the bearer of this token.” The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources:

The Bearer authentication scheme was originally created as part of in , but is sometimes also used on its own. Similarly to , Bearer authentication should only be used over HTTPS (SSL).

Basic authentication
HTTP authentication scheme
OAuth 2.0
RFC 6750
Basic authentication
https://swagger.io/docs/specification/authentication/basic-authenticswagger.io
https://swagger.io/docs/specification/authentication/bearer-authentication/swagger.io