Client Credentials OAuth Guide

This guide assumes that a user has completed the OAuth2 Authorization Code flow and authorized your application, or that some type of pre-enrollment has been completed. You can then use a Client Credentials OAuth token to make API calls.

Obtaining the token

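The Authorization HTTP header for this request is the Base64-encoded value of your apikey and apiSecret joined by a colon. Base64 is an encoding, not encryption, so anyone who can read the header can recover the secret; send it only over HTTPS. For example, if your API Key was 123abc and your Secret was 456def, your HTTP header would look like this: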
Authorization: Basic MTIzYWJjOjQ1NmRlZg==

curl -X POST -H "Authorization: Basic MTIzYWJjOjQ1NmRlZg==" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=client_credentials' '(yourTokenEndpointUrl)'

The result!

As long as everything else went OK, you will receive a response that looks like this:

{
  "refresh_token_expires_in": "0",
  "api_product_list": "[Basic Plan, demandresponse-Product]",
  "organization_name": "connectedhome",
  "developer.email": "developerinfo@resideo.com",
  "token_type": "BearerToken",
  "issued_at": "1487281223451",
  "client_id": "123abc",
  "access_token": "456def",
  "application_name": "b1bd4907-924a-4470-a641-0effeb279834",
  "scope": "user",
  "expires_in": "3599",
  "refresh_count": "0",
  "status": "approved"
}

Making user-based API calls with a Client Credentials token

If a user and device(s) have been authorized to your API Key, you can make API calls on the user's behalf by adding an HTTP header called "UserRefID" whose value is the UserID obtained from the API.

Example Request:

curl --location --request GET 'https://api.honeywell.com/v2/locations?apikey=(yourApiKey)' \
--header 'UserRefID: 625115' \
--header 'Authorization: Bearer (yourclientcredentialstoken)'
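
The steps above as an added Python example (not code from this guide or from the API provider): it builds the Basic header, prepares the token request without sending it, computes token expiry from the response fields, and builds the headers for a user-based call. TOKEN_URL is a placeholder because the guide does not give the token endpoint; treating issued_at as epoch milliseconds (as the sample value's magnitude indicates), requiring status "approved", and the 60-second refresh margin are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder: this guide does not state the token endpoint URL.
TOKEN_URL = "https://token-endpoint.invalid/placeholder"

def basic_auth_header(api_key, api_secret):
    """Base64("apikey:apiSecret") as described above. Encoding, not encryption."""
    raw = f"{api_key}:{api_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def build_token_request(api_key, api_secret, url=TOKEN_URL):
    """Build (do not send) the client_credentials POST; refuse non-HTTPS URLs."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("token endpoint must be https")
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": basic_auth_header(api_key, api_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    })

def expiry_ms(token_response):
    """Assumes issued_at is epoch ms and expires_in is seconds; both are strings."""
    return int(token_response["issued_at"]) + int(token_response["expires_in"]) * 1000

def is_usable(token_response, now_ms, skew_s=60):
    """Assumption: only status "approved" is usable; refresh skew_s seconds early."""
    return (token_response.get("status") == "approved"
            and now_ms < expiry_ms(token_response) - skew_s * 1000)

def user_call_headers(access_token, user_ref_id):
    """Headers for a user-based call; reject values that could split a header."""
    uid = str(user_ref_id)
    if not uid or any(c.isspace() or not c.isprintable() for c in uid):
        raise ValueError("invalid UserRefID")
    return {"Authorization": f"Bearer {access_token}", "UserRefID": uid}

# Constructed sample: a subset of the response shown in this guide.
SAMPLE = json.loads('{"issued_at": "1487281223451", "expires_in": "3599", '
                    '"access_token": "456def", "status": "approved"}')

if __name__ == "__main__":
    req = build_token_request("123abc", "456def")
    print(req.get_method(), req.get_header("Authorization"))
    print(expiry_ms(SAMPLE), is_usable(SAMPLE, now_ms=1487281223451))
```

In real use, load the API key and secret from the environment or a secrets manager instead of passing literals, and keep the Authorization header values out of logs.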