Skip to content

API request authorization ways

Specify an authorization key in the HTTP Header in order for any Watcher API call to be executed. The key may also affect the rights to execute requests and the results returned.

Authorization key types:

  1. System x-vsaas-api-key is shown in Watcher settings. It allows to execute any requests with Super Administrator permissions.

    Example call

    curl -v -X GET -H 'x-vsaas-api-key: 7c75da8fb314183f1f825271898a3687' -H 'content-type: application/json' http://127.0.0.1/vsaas/api/v2/cameras

    The request will return the list of all cameras added in Watcher; compare to point 3 below.

  2. x-vsaas-session is returned in response to /vsaas/api/v2/auth/login request in the session parameter. It is valid until the user is logged out and allows requests within the logged in user permissions.

    Example call

    Note

    For testing purposes, you can see the x-vsaas-session parameter in the request executed by Web UI (see How to use DevTools to obtain browser logs).

    curl -v -X GET -H 'x-vsaas-session: W98uOoiMFf46SyE78RjWIZjsaVM' -H 'content-type: application/json' http://127.0.0.1/vsaas/api/v2/auth/whoami

    The request will return all parameters of the user for whom the session is opened.

  3. User x-vsaas-api-key can be generated in user profile. Use it with x-vsaas-user: user name. Allows requests within the permissions of the specified user.

    Example call

    curl -v -X GET -H 'x-vsaas-api-key: M8rT4KvfT3tZpCj34Qbk5CEt' -H 'x-vsaas-user: user1' -H 'content-type: application/json' http://127.0.0.1/vsaas/api/v2/cameras

    The request will return the list of cameras visible to user1; compare to point 1 above.