Authentication
All endpoints are protected and require authentication. The only supported method is Bearer Token. Add the following header to your request, replacing <token> with the proper value:
Authorization: Bearer <token>
There are two types of tokens: client tokens, and site tokens.
Client tokens
Client tokens can be generated by you in the developer portal.
They unlock access to all functions of the API, and as such should be stored securely. They are intended to be used for server-to-server communications only. They never expire, but can be revoked manually if needed.
To protect you and the security of our systems, Flip doesn't store the tokens, and cannot retrieve them if they are ever lost. Please make sure you store them securely.
Site tokens
Site tokens are created by calling /v1/auth/site/{site_id}, and are specific to a given site. They are intended to be used for communications between your mobile app and Flip's API. They expire after one hour, after which you will need to call the endpoint again to request a new one.
:::warning
If a site token is used to get or act on data from a different site, a 401 UNAUTHORIZED or 403 FORBIDDEN error will be returned.
:::
Which type of token for which endpoint
Endpoint | Client token | Site token |
---|---|---|
POST /v1/auth/site/{id} | ✅ | ❌ |
POST /v1/commission | ✅ | ❌ |
GET /v1/site/{siteId}/devices | ❌ | ✅ |
GET /v1/site/{siteId}/device/{id} | ❌ | ✅ |
PATCH /v1/site/{siteId}/device/{id} | ❌ | ✅ |
GET /v1/site/{siteId}/device/{id}/dispatches | ❌ | ✅ |
GET /v1/site/{siteId}/dispatch/{id} | ❌ | ✅ |
PATCH /v1/site/{siteId}/dispatch/{id} | ❌ | ✅ |
POST /v1/site/{siteId}/enrollments | ❌ | ✅ |
GET /v1/site/{siteId}/enrollments | ❌ | ✅ |
DEL /v1/site/{siteId}/enrollment/{id} | ❌ | ✅ |
GET /v1/site/{siteId}/programs | ❌ | ✅ |
GET /v1/site/{siteId}/program/{id} | ❌ | ✅ |
GET /v1/site/{siteId} | ❌ | ✅ |
PATCH /v1/site/{siteId} | ❌ | ✅ |
GET /v1/commands | ✅ | ❌ |
PATCH /v1/command/{id} | ✅ | ❌ |
POST /v1/telemetry | ✅ | ❌ |
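
The following server-side sketch is an added example, not Flip's own code. It picks the token type for a request from the table above and renews site tokens before their one-hour expiry. The `mint` callable (which would call POST /v1/auth/site/{site_id} with the client token and return the token string), the 5-minute refresh margin, the treatment of every path under /v1/site/{siteId} as a site-token route, and all names are assumptions.

```python
import re
import time

# Routes that take a client token, copied from the table above.
CLIENT_ROUTES = [
    ("POST", r"/v1/auth/site/[^/]+"),
    ("POST", r"/v1/commission"),
    ("GET", r"/v1/commands"),
    ("PATCH", r"/v1/command/[^/]+"),
    ("POST", r"/v1/telemetry"),
]
# Assumption: every path under /v1/site/{siteId} takes a site token.
SITE_ROUTE = re.compile(r"/v1/site/([^/]+)(/.*)?")
SITE_TOKEN_TTL = 3600   # site tokens expire after one hour (per the page)
REFRESH_MARGIN = 300    # assumption: renew 5 minutes before expiry


class SiteTokenCache:
    """Keeps one site token per site and renews it before it expires."""

    def __init__(self, mint, clock=time.monotonic):
        self._mint = mint    # hypothetical callable: site_id -> token string
        self._clock = clock
        self._tokens = {}    # site_id -> (token, time it was issued)

    def get(self, site_id):
        now = self._clock()
        cached = self._tokens.get(site_id)
        if cached and now - cached[1] < SITE_TOKEN_TTL - REFRESH_MARGIN:
            return cached[0]
        token = self._mint(site_id)
        self._tokens[site_id] = (token, now)
        return token


def auth_header(method, path, client_token, cache):
    """Return the Authorization header for a request, per the endpoint table."""
    for verb, pattern in CLIENT_ROUTES:
        if method == verb and re.fullmatch(pattern, path):
            return {"Authorization": f"Bearer {client_token}"}
    match = SITE_ROUTE.fullmatch(path)
    if match is None:
        raise ValueError(f"no token type known for {method} {path}")
    # The token is looked up by the site id in the path, so a token minted
    # for one site is never sent to another site's URL.
    return {"Authorization": f"Bearer {cache.get(match.group(1))}"}
```

Because the client token only ever appears on the client-token routes, it stays on the server and never reaches the mobile app.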