Skip to content

API Keys

Overview

The TN360 API uses API keys to perform authentication for API access. Multiple types of keys may be generated:

  • Company key: Provides full, unrestricted access to all TN360 API's for the associated company account.
  • User key: Provide access to all API's with the authorisation of the user account associated with the key. This key may access all API's with restrictions enforced for the user.
  • Integration key: A restricted API key created for a specific integration use case. This key has policy restrictions enforced to ensure only the access scope of the integration is allowed.

Tip

Prefer using an Integration key where possible for improved security

Company Key

A company key is really a master key for the account and has full, unrestricted access to all TN360 API's. In general the use of this key is not recommended as there are few authorisation checks and balances associated to its use. Think of this key as the "System Administrator" key and restrict its use where possible.

Warning

A fully open, company-wide, key may be provided if needed but requires a special request to the integrations team. Note that while the key may be revoked on request, it provides unfettered access to all company data, and could be misused.

User Key

A user authenticating to the platform will receive an API key as part of the authentication response that may then be used for API calls. Access controls and authorisations are applied by the service relative to that user's access rights within the platform (ie. the roles and permissions assigned to the user).

Integration Key

A slightly different model applies to integration use cases. Here an API key is generated for a specific purpose (eg. retrieving vehicle meters, or managing geofences) and the keys are policy restricted whereby only the available endpoints and operations needed to support the use case are allowed.

In general, this key type should be preferred for standard integration purposes.

To generate an integration API key, please contact the Integrations Team integrations@teletracnavman.com

Using an API Key

The API key must be provided with every inbound request to the TN360 API's. It can be provided in two (2) ways. As the HTTP Authorization header, or as a static HTTP header.

As an Authorization Header

Info

The API key must be provided in exactly this form within double quotes as part of the token="" element.

As part of the standard HTTP Authorization header as a 'Token' type. eg.

GET /v1/vehicles
Authorization: Token token="{{your api key}}"
...

or alternatively a simpler invocation is to use the API key as a 'Bearer' type. eg.

GET /v1/vehicles
Authorization: Bearer {{your api key}}
...

As a Static HTTP Header

Note

If both the Authorization header and the X-API-Key header are provided - the Authorization header key will take precedence.

The services also accept the API key if specified in the X-API-Key HTTP header. eg.

GET /v1/vehicles
X-API-Key: {{your api key}}
...