Authentication
To interact with the Ctrack Crystal API, you need to authenticate each request using a valid JSON Web Token (JWT).
Authentication Components
- Login method: The
loginmethod generates a JWT, which you will use to authenticate your API requests. - This token is returned in the response and must be included in the request header for all subsequent API calls.
- x-token header: Once you have obtained a JWT from the
loginmethod, include it in thex-tokenheader of your API requests to authenticate them. - ocp-apim-subscription-key header: The ocp-apim-subscription-key header is an additional security mechanism and account identifier, essential to interacting with the API. This key must be included in all requests.
Authentication Methods
Credentials
- Method:
POST /api/authenticate/login - Request Body: Provide your Crystal username and password.
- Response: The response contains a JWT and the expiration date of the token.
- Example:
POST /api/authenticate/login
content-type: application/json
ocp-apim-subscription-key: <your-subscription-key>
{
"username": "your-crystal-username",
"password": "your-crystal-password"
}
The credential-based login required you to provide your Crystal username and password. These are the same credentials used to log in to the Crystal Website, and the credentials can be managed from there.
Secret
POST /api/authenticate/login
content-type: application/json
ocp-apim-subscription-key: <your-subscription-key>
{
"secret": "your-api-secret"
}
Example of the response
{
"jwt": "ey...",
"validToUtc": "2024-07-29T15:51:28.071Z"
}
Using the JWT token
GET /api/v1/vehicles
x-token: jwt-token
ocp-apim-subscription-key: your-subscription-key