Every request sent to Ubidots requires a token. A token is a unique key that authorizes requests sent to Ubidots.
There are two ways to get an API token:
The API token is found under the My Profile section on industrial.ubidots.com:
A more secure way is to implement a logic in your device, gateway or external application to generate temporary tokens before every request, using your account's API key. Your API key can also be found in your account's "My Profile" section.
To generate tokens, make a request to this endpoint:
|Your API Key
There are two ways to send a token in a request:
Sending the token in the Header (recommended):
Sending the token as query parameter:
While sending your token as a query parameter might be more straightforward, we only advise doing so in prototyping stages as the token is visible and thus a lot less secure. For production stages, we strongly advise sending the token in the
Authentication without Header - Not Recommended!
While it is possible to send the authentication token as a query parameter, sparing the
X-Auth-Tokenheader, it is much less secure. Including a token -or any security credential- in a URL path will make it easily readable in router logs, browsers' history, and packet sniffers.
//Example Request to create a device with Token in the Header
curl -X POST 'https://industrial.api.ubidots.com/api/v2.0/devices/' \
-H 'Content-Type: application/json' \
-H 'X-Auth-Token: oaXBo6ODhIjPsusNRPUGIK4d72bc73' \
//Example Request to GET all devices with Token sent as Query Parameter
curl -X GET 'https://industrial.api.ubidots.com/api/v2.0/devices/?token=asdf657asdf675asdf876asdf' \