Guides
SIGN INSIGN UP

Damoov API Authorization Policies

Suggest Edits

1. Scope of Access:

  • User JWT:
    • Provides access to individual user data.
  • Admin JWT:
    • Grants access to all data associated with the company.

2. JWT Acquisition and Refresh Mechanics:

reference: 🛡 Authentication

  • Initial JWT and refresh token acquisition is through user authentication service.
curl --request POST \
     --url https://user.telematicssdk.com/v1/Auth/Login \
     --header 'InstanceId: InstanceId' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "LoginFields": "{\"Devicetoken\":\"UUID\"}",
  "Password": "InstanceKey"
}
'

curl --request POST \
     --url https://user.telematicssdk.com/v1/Auth/Login \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "LoginFields": "{\"email\":\"[email protected]\"}",
  "Password": "Password"
}
'
  • For token renewal, use the following API request:
curl --request POST
--url https://user.telematicssdk.com/v1/Auth/RefreshToken
--header 'accept: application/json'
--header 'content-type: application/json'
--data '
{
"AccessToken": "YOUR_ACCESS_TOKEN",
"RefreshToken": "YOUR_REFRESH_TOKEN"
}
'

3. Token Revocation:

  • To revoke existing JWT and refresh tokens:
    • Re-issue a new one via the initial authorization method.

4. Logging & Monitoring:

  • All token usage and unauthorized access attempts are logged.
  • Logs retention period is 3 days.

5. API Rate Limits:

  • Authorization API:
    • Limited to 5 requests per hour.
  • Refresh Token API:
    • No rate limits.

6. Multi-factor Authentication:

  • No MFA requirement for the JWT issuance process.

7. Data Protection:

  • For token storage on the client-side:
    • Follow best practices to ensure the JWT is stored securely.

8. Token Structure:

  • Specific details about the JWT's payload structure and the claims it includes are not disclosed.

9. Error Handling:

  • Common errors include:
    • Status 401: For expired tokens.
    • Clients should be aware of other standard HTTP status codes.

10. Endpoint Security:

  • All API endpoints are secured by Cloudflare.

Updated about 1 year ago