v3 of the API implements the same token-based authentication as the v2 API.

To access the API you will need an API key (token), issued by Wattwatchers.

Your API key is available via the Fleet Management app. Please contact Wattwatchers support if you don't have the details for accessing this app. Your API key is available under the profile menu (the person icon in the top-right of the Fleet Management app):

API keys menu option in Profile menu

Bearer token authentication

Bearer token authentication requires your application to provide an Authorization header with your API key preceded by the text Bearer.

For example:

GET /devices HTTP/1.1
Host: api-v3.wattwatchers.com.au
Content-Type: application/json
Authorization: Bearer key_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Using curl:

curl -X GET -H "Authorization: Bearer key_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" "https://api-v3.wattwatchers.com.au/devices"

In python, using the popular requests library, you can do this by passing a dictionary via the headers argument:

import requests
# TIP: It's best that your API key be stored in an environment variable (retrieved using os.getenv()), not in your code e.g.:
# import os
# api_key = os.getenv('YOUR_ENV_VAR_NAME')
#
# This is a simplified example to demonstrate the concept:
api_key = 'key_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' # insert your actual key here
headers = {
  'Authorization': 'Bearer %s' % api_key
}
response = requests.get('https://api-v3.wattwatchers.com.au/devices', headers=headers)

In Javascript (client-side), using the axios library:

const axios = require('axios');
const api_key = 'your_secret_api_key'

// set the default headers for all requests
const api = axios.create({
  baseURL: 'https://api-v3.wattwatchers.com.au',
  headers: {
    'Authorization': `Bearer ${api_key}`
  }
});

api.get('/devices')
  .then(function (response) {
    // handle success
    console.log(response);
  })
  .catch(function (error) {
    // handle error
    console.log(error);
  })
  .then(function () {
    // always executed
  });

How to get an API key

Please contact the Wattwatchers team to have an API key setup. We will distribute the API key to you securely once we have set it up and assigned the correct devices and related permissions.

Keep your API key secret!

When designing your application, be sure not to expose your API key insecurely. This includes not hard-coding it into your application and putting it in source control, or in a browser-based app storing it in cookies or local storage etc.

Best practice for server-side applications is to store your API key as an environment variable and accessing this programatically. For browser applications, this should only be returned to your app after you have authenticated the user and via https (SSL).

Do not send your API key via insecure email or web-based communications tools.

What is the API key (Bearer token)?

The API key is a string token that identifies and authenticates a client application to the API.

The API key represents a set of permissions to a pre-defined set of devices that the client application is permitted to access (read and modify).

This token lives until it is expired by Wattwatchers.

If you need to restrict access to a subset of devices, you will need to arrange creation (by Wattwatchers) of a new API key for your organisation.