Skip to content

API request authorization waysΒΆ

Specify an authorization key in the HTTP Header in order for any Watcher API call to be executed. The key may also affect the rights to execute requests and the results returned.

Authorization key types:

  1. System x-vsaas-api-key can be used for billing integration. It is shown in Watcher settings. This key is valid as long as it stays unchanged. It allows to execute any requests with Super Administrator permissions except for token request at the Agent activation.

    Example call

    curl -v -X GET -H 'x-vsaas-api-key: 7c75da8fb314183f1f825271898a3687' -H 'content-type: application/json' http://127.0.0.1/vsaas/api/v2/cameras

    The request will return the list of all cameras added in Watcher; compare to point 3 below.

  2. x-vsaas-session should be used to implement user actions in your own app or web UI for Watcher. It is returned in response to /vsaas/api/v2/auth/login request in the session parameter. It is valid until session limit is exceeded (if the limit is set in Watcher settings or user settings, otherwise valid permanently). This key allows requests within the logged in user permissions.

    Example call

    curl -v -X GET -H 'x-vsaas-session: W98uOoiMFf46SyE78RjWIZjsaVM' -H 'content-type: application/json' http://127.0.0.1/vsaas/api/v2/auth/whoami

    The request will return all parameters of the user for whom the session is opened.

  3. User x-vsaas-api-key can be used for billing integration with limited permissions or any other automation. You can generate it in user profile and it will be valid as long as it stays unchanged. Use this key with x-vsaas-user: user name. It allows requests within the permissions of the specified user.

    Example call

    curl -v -X GET -H 'x-vsaas-api-key: M8rT4KvfT3tZpCj34Qbk5CEt' -H 'x-vsaas-user: user1' -H 'content-type: application/json' http://127.0.0.1/vsaas/api/v2/cameras

    The request will return the list of cameras visible to user1; compare to point 1 above.