Authorization (OAuth2)

Authorization

Method
Description

POST

Obtain OAuth2 Client Credentials Token

https://api.honeywell.com/oauth2/accesstoken

The Authorization HTTP header for this request is a Base64 encoded value of apikey and apiSecret concatenated with a colon. For example if your API Key was 123abc and your Secret was 456def your HTTP header would look like this: Authorization: Basic MTIzYWJjOjQ1NmRlZg== curl -X POST -H "Authorization: Basic MTIzYWJjOjQ1NmRlZg==" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials' The result! As long as everything else went OK you will receive a response that looks like this: { "refresh_token_expires_in": "0", "api_product_list": "[Basic Plan]", "organization_name": "connectedhome", "developer.email": "developerinfo@resideo.com", "token_type": "BearerToken", "issued_at": "1487281223451", "client_id": "123abc", "access_token": "456def", "application_name": "b1bd4907-924a-4470-a641-0effeb279834", "scope": "user", "expires_in": "3599", "refresh_count": "0", "status": "approved" }

GET

Get an Authorization Code

https://api.honeywell.com/oauth2/authorize

This call is meant to be done in a browser, this will redirect a user to a login page. Once the user logs-in and consents to the access rights for your application, a redirect will occur to the Redirect URI defined in the query parameter along with an Authorization Code included in the query string as "code=". The Redirect URI must match was is defined in your Application config.

POST

Refresh a Token

https://api.honeywell.com/oauth2/token

Refreshing a token is similar to the last step in the authorization code flow. One thing in particular to pay attention to is the Authorization header. It's a Basic Auth challenge using your API Key and API Secret (sometimes called clientID and clientSecret). The two values are concatenated with a colon and the entire string is base64 encoded. Example: ClientID == 123 & Client Secret == abc base64Encode(123:abc) == "MTIzOmFiYw==" So the HTTP Header would be: Authorization: Basic MTIzOmFiYw==

POST

Create a Token from an Authorization Code

https://api.honeywell.com/oauth2/token

This is used after obtaining an authorization code from the /authorize resource. Pay attention to the Authorization HTTP Header: Base 64 encoded concatenation of client_id and client_secret with a colon. Example: client_id = 9UY8NrmDtIh8GVTkNdX0Y7I6k37254a9 client_secret = Z1947381rwgf0WkPPGPHnGik6h3LdhZ9 Concatenated value: 9UY8NrmDtIh8GVTkNdX0Y7I6k37254a9:Z1947381rwgf0WkPPGPHnGik6h3LdhZ9 Base64 Encoded Value: OVVZOE5ybUR0SWg4R1ZUa05kWDBZN0k2azM3MjU0YTk6WjE5NDczODFyd2dmMFdrUFBHUEhuR2lrNmgzTGRoWjk= Header: Authorization: Basic OVVZOE5ybUR0SWg4R1ZUa05kWDBZN0k2azM3MjU0YTk6WjE5NDczODFyd2dmMFdrUFBHUEhuR2lrNmgzTGRoWjk=