The authentication service. Clients can use this to obtain and manage tokens that grant access to the other resources in this API.
The meter uses JSON Web Tokens (JWT or simply token) to restrict access to protected resources. Clients must include such tokens in requests via the HTTP Authorization header. This header must have the form:
Authorization: Bearer JWT
where JWT is a valid token.
Tokens are valid for a limited time; typically for about 10 minutes. However, a meter may revoke a token earlier, e.g., due to a reboot.
There are two ways to supply credentials to obtain a token:
With a Digest object in the request body, a token is obtained without transmitting the password.
With a Password object in the request body, a token is obtained with a password. This option is available only over a secure connection (https:// scheme).
We recommend using Digest-based authentication whenever possible.
Authentication response.
Bad Request.
{
  "rlm": "eGauge Administration",
  "usr": "owner",
  "nnc": "eyJ0eXAi...w5GCvM",
  "cnnc": "565ce9541eddec103347b5174704e188",
  "hash": "ce5e308c27da651964de14f65bd8b059"
}
{
  "jwt": "eyJ0eXAi...aQvQxY",
  "error": "Error message (present if an error occurred)."
}
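A client-side sketch of the two login options described above, added here as an example; it is not code from the meter's documentation. The hash formula (ha1 = MD5 of usr:rlm:pwd, hash = MD5 of ha1:nnc:cnnc) and the Password field names "usr" and "pwd" are assumptions that this page does not state, and all sample values are constructed.

```python
import hashlib
import secrets
from urllib.parse import urlsplit


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_body(rlm, usr, pwd, nnc, cnnc=""):
    """Build the Digest object for a login request; pwd itself is never included."""
    # Fresh 128-bit client nonce from a CSPRNG unless the caller pins one (tests).
    cnnc = cnnc or secrets.token_hex(16)
    # ASSUMPTION (formula not on the page): ha1 = MD5(usr:rlm:pwd),
    # hash = MD5(ha1:nnc:cnnc).
    ha1 = _md5_hex(f"{usr}:{rlm}:{pwd}")
    return {"rlm": rlm, "usr": usr, "nnc": nnc, "cnnc": cnnc,
            "hash": _md5_hex(f"{ha1}:{nnc}:{cnnc}")}


def password_body(base_url, usr, pwd):
    """Build the Password object, refusing to send a password over plain http."""
    if urlsplit(base_url).scheme.lower() != "https":
        raise ValueError("Password login requires an https:// connection")
    # ASSUMPTION: field names "usr" and "pwd"; the page does not list them.
    return {"usr": usr, "pwd": pwd}


def bearer_header(login_response):
    """Turn a login response into the Authorization header; raise on an error reply."""
    if "error" in login_response or not login_response.get("jwt"):
        raise PermissionError(login_response.get("error", "no jwt in response"))
    return {"Authorization": "Bearer " + login_response["jwt"]}


if __name__ == "__main__":
    # Constructed sample values; rlm and nnc would come from the 401 response body.
    body = digest_body("eGauge Administration", "owner", "constructed-password",
                       "constructed-server-nonce")
    print(body)
    print(bearer_header({"jwt": "constructed.jwt.value"}))
```

Because tokens expire after roughly 10 minutes and can be revoked earlier, a client should treat any 401 as the signal to fetch a new server nonce and log in again rather than caching the hash.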
Revoke the JWT supplied as the bearer token in the Authorization header.
Logout response.
Bad Request.
{
  "status": "OK",
  "error": "Error message (present if an error occurred)."
}
This resource returns a 401 response unless the request contains an Authorization header with a valid JWT token. This can be used to check the validity of a JWT token and, if invalid, obtain the realm and server nonce required to refresh the token.
Status response.
Unauthorized response.
{
  "status": "OK",
  "error": "Error message (present if an error occurred)."
}