Application can not run. Your browser does not support JavaScript!

Mechanism

The DataExchange API uses bearer authentication. Upon authentication, the client receives a JWT token that it includes in the Authorization header of each subsequent request.

Requirements

The API user must be a member of the Device Sync user group. This group is dedicated to integrations and synchronizations — its members have access to DataExchange endpoints, but they don't necessarily have access to the web interface.

Obtaining tokens

Endpoint:

POST /auth/login

Request:

{
  "userName": "syncics",
  "password": "samepassword",
  "locationCode": ""
}

Response: JWT token valid for 6 hours.

Expiration and renewal

The token expires after 6 hours. The client application must handle renewal — either by periodic reauthentication or by automatically re-authenticating upon receipt of a 401 (Unauthorized) response.

LocationCode field

The locationCode field is used internally by the Retail module to set the functional point of sale. It has no effect on API requests — it can be left blank (string empty) for all non-Retail integrations.

<!-- SCREENSHOT: Swagger — /auth/login endpoint with request and response -->

API Authentication

  API Authentication