Authentication
Overviewโ
The IAMOTIVE API by IMOTIVE Solutions SL uses Basic Authentication to securely authorize access to its endpoints. This method requires a valid clientId and clientSecret provided by IMOTIVE.
All requests to IAMOTIVE API must include a valid access token, which can be retrieved using your client credentials.
๐ Authentication Endpointโ
To obtain an access token, send a POST request to the following endpoint:
{environment}/auth/token
Replace {environment} with the appropriate environment base URL. For production:
https://api.imotive.es/auth/token
๐งพ Request Headers and Bodyโ
You must include your clientId and clientSecret as a Base64-encoded Authorization header in the format:
Authorization: Basic base64(clientId:clientSecret)
Example using curlโ
curl -X POST "https://api.imotive.es/auth/token" \
-H "Authorization: Basic $(echo -n 'your-client-id:your-client-secret' | base64)" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=basic"
โ Sample Responseโ
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600
}
access_token: Use this token to authorize API requests.expires_in: Token expiration time in seconds (usually 3600 = 1 hour).
๐ Authorization Header Exampleโ
Once you receive a token, include it in all subsequent requests:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6...
๐ฌ Requesting Your Credentialsโ
To use the IAMOTIVE API, you need a clientId and clientSecret. To request access, please contact:
๐ง info@iamotive.es
Include your company name and intended use case.
๐ Key Rotation Policyโ
Automatic credential rotation is not available at this time.
To rotate your keys, contact:
๐ง info@iamotive.es
๐ Security Best Practicesโ
- Never expose
clientIdorclientSecretpublicly. - Always use HTTPS to protect your credentials and tokens.
- Store credentials in secure configuration tools or environment variables.
- Contact IMOTIVE immediately if you suspect your credentials are compromised.