Authentication
How to securely access our API.
Overview
This page outlines how to authenticate with the Electric Era Command Console API using JSON Web Tokens (JWT). The process involves generating a secure token and using it to make authenticated API requests.
Prerequisites
- Valid credentials (username and password) for the Command Console environment of choice. We have two environments, dev and prod.
- The client ID and audience parameters will be different between the Command Console environments; make sure you obtain these via Command Console.
- An HTTP client or library (e.g., requests in Python, axios in JavaScript, etc.)
Generating a Secure Token
To obtain a JWT access token, send a POST request to the Auth0 token endpoint with the required credentials.
Endpoint Details
- URL: <specific to the Command Console environment>
- Method: POST
- Content-Type: application/x-www-form-urlencoded
- Body Parameters:
  - grant_type: password
  - username: Your email
  - password: Your account password
  - client_id: <specific to the Command Console environment>
  - audience: <specific to the Command Console environment>
A successful response will return a JSON object containing the access_token:
{
"access_token": "YOUR_ACCESS_TOKEN",
"token_type": "Bearer",
"expires_in": 86400
}
Using the Secure Token
Store the access_token securely for use in API requests. Note the expiry time and make sure to refresh periodically.
Use the access_token to authenticate requests to the Electric Era Command Console API by including it in the Authorization header with the Bearer prefix.
Best Practices
- Secure Storage: Store the access_token securely (e.g., in memory or encrypted storage) and avoid logging sensitive data.
- Token Expiration: Tokens typically expire (e.g., after 24 hours). Refresh the token by repeating the generation before expiration.
- Error Handling: Handle HTTP errors (e.g., 401 for invalid tokens, 400 for bad requests) and retry or refresh as needed.
- Environment Variables: Store sensitive data like username, password, and client_id in environment variables or a secure vault. Note that at this time, API keys are not offered.
- HTTPS: Ensure all requests use HTTPS to protect data in transit.
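The token handling described under "Using the Secure Token" and "Best Practices", as an added example that is not Electric Era's own code: the token is held in memory only, renewed shortly before expiry, dropped after a 401, and kept out of log output. The EE_* environment variable names, the placeholder token URL, and the 300-second renewal margin are assumptions.

```python
import json, os, time, urllib.parse, urllib.request

# Assumption: placeholder URL; the real one is specific to the environment.
TOKEN_URL = os.environ.get("EE_TOKEN_URL", "https://auth.example.invalid/oauth/token")

def post_form(url, fields):
    """POST a form-encoded body and decode the JSON reply; HTTPS only."""
    if not url.lower().startswith("https://"):
        raise ValueError("token endpoint must use HTTPS")
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Keeps the access token in memory only and renews it before expiry."""

    def __init__(self, post=post_form, clock=time.monotonic, margin=300):
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._expires_at = None, 0.0

    def _fetch(self):
        # EE_* variable names are hypothetical; credentials never live in code.
        body = self._post(TOKEN_URL, {
            "grant_type": "password",
            "username": os.environ["EE_USERNAME"],
            "password": os.environ["EE_PASSWORD"],
            "client_id": os.environ["EE_CLIENT_ID"],
            "audience": os.environ["EE_AUDIENCE"],
        })
        self._token = body["access_token"]
        # Renew `margin` seconds early so a request never carries a stale token.
        self._expires_at = self._clock() + int(body["expires_in"]) - self._margin

    def auth_header(self):
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch()
        return {"Authorization": "Bearer " + self._token}

    def invalidate(self):
        """Call after a 401 so the next request obtains a fresh token."""
        self._token = None

    def __repr__(self):
        # Keeps the token out of logs and tracebacks that print the object.
        return "<TokenCache token=[redacted]>"
```

Pass `cache.auth_header()` as the headers of each API request; on a 401 response call `cache.invalidate()` and retry once.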
Troubleshooting
- 401 Unauthorized: Verify the access_token is valid and correctly included in the Authorization header.
- 400 Bad Request: Check the request body format and parameters for the token request.
- Invalid Credentials: Confirm the username, password, client_id, and audience are correct.
- Network Issues: Ensure the API endpoints are accessible and correct (e.g., no typos in URLs).