General API Security

All API calls are secured by a subscription key and an access token.

• The subscription key generally enables access to the Cloud API.

• The access token belongs to an individual user / device owner and therefore controls which devices and their data an end user is allowed to see.

Subscription Key

An active subscription key is mandatory and must be sent in the "x-api-key" header or the x-api-key query parameter of each call.

The subscription key (Primary Key or Secondary key) is assigned to your developer account used to login on the Developer Portal. You can subscribe for your own subscription key here.

The key can be used by several users. In most cases the developer will use his single subscription key for all requests of all clients using the solution. Alternatively a developer could create an individual subscription key for each of his clients.

ApiKey - Name and Secret

The ApiKey (Name and Secret) limits access to your devices (the ones which have been registered to your account.
The registration of a device to your account is done via the mobile App during the cloud enable process.
For more information how to cloud enable your device please follow the instruction in the documentation of the Zehnder IoT Cloud Dashboard .

You can manage your personal APIKey (Name and Secret) directly under the application setting in the Zehnder IoT Cloud Dashboard