This section will familiarize you with the first steps to take on the Xively side, when you build an application for your connected product, for example an app through which your end-users are going to sign up, log in, and communicate with their devices.

To make your app able to communicate with Xively and make API calls, you need to generate application credentials (appId and appToken) that will authenticate your app in Xively. An account can register many applications - each with varying privileges, which can be modified or revoked at any time.

You can choose between credentials for an end-user app or a back-end app.

Some calls relating to user credentials will ask for an Application Token (appToken) in the call, in order to authorize them. To register your app to generate the necessary credentials (appId and appToken), see Generating app credentials.

End-user app credentials

Credentials for the end-user app allow your for signing up your end-users. An end-user application operates in IDM (Identity Management service) only and by default can create identities. After an end-user is logged in, all API calls are made using the end-user's JWT.

Back-end app credentials

Back-end applications have a wider set of permissions than end-user applications. Credentials for the back-end app allow this app to accomplish various deeper integrations and management tasks. In addition to the credentials, the back-end application uses also its JWT to authenticate itself to Xively.
To adjust the permission set and to get credentials for a back-end application, contact Xively.

Generating app credentials

Register your app so it can make API calls to Xively. The appId identifies your app in Xively, and the appToken is the password your app connects with to Xively.

  1. In the Xively management app, from the left-side menu select END-USERS > App credentials.
  2. On the “App credentials” page, click “Create new app credential”.
  3. In the “Create app credentials” window, give your application a name and select the type of credentials:
  • For end-user app credentials, click “Select” and “Create”.
    Copy and save your app token when it is displayed.
    Important! Capture and store the appToken when first creating the application. For security reasons, it is displayed only once. It is not possible to retrieve this appToken again.
    Regenerating new appToken for an appId will invalidate the previous ones.
  • For back-end app credentials, contact Xively through the internal chat to specify the needed permission set for your app.
  1. After you saved the appToken, click OK.
  2. On the “App credentials” page, click turquoise rectangle of the app to copy its appId.

You registered your application!

Use the generated appId and appToken to authenticate your app in Xively.

Secure management of credentials

Store application credentials in a safe place. We do not recommend embedding the credentials directly in the app code.

A safe method of handling the credentials is for example to have a separate application running on your server and let this application be the only one reader of your app credentials.

Updated 3 years ago


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.