Authentication
OAuth2 and scopes.
All requests must be authenticated. We support OAuth2 client credentials for server to server access and short lived user tokens for portal sessions.
Authorization header
Authorization: Bearer <access_token>
Token lifetime
Access tokens expire after 1 hour. Refresh by requesting a new one using your client credentials. Never embed long lived secrets in client side code.
Scopes
| Scope | Grants |
|---|---|
| assets.read | Read wind farms, turbines and components. |
| measurements.read | Read time-series measurements. |
| measurements.write | Push SCADA measurements. |
| alerts.read | Read alert rules and alerts. |
| alerts.write | Create, update and acknowledge alerts. |
| maintenance.write | Create and update work orders. |
| reports.read | Read aggregates and export reports. |
Tenant context
Every token is bound to one organization. The API automatically filters results to the assets that this organization is granted access to. There is no cross tenant read path.