Basic authentication

Surfsight API uses bearer authentication (also known as token authentication). When a user authenticates in order to access the Surfsight API, the authentication server generates the bearer token. This token should then be used in the Authorization header when making further requests.

You need an email address and password to get a bearer token. When you get started with Surfsight products, we send you an email containing this information.


Each partner can request up to nineteen additional sets of credentials.


Authentication tokens only work for the environment in which you are registered. For example, a user registered to the US cloud receives tokens for that cloud, and not the EU cloud.

To receive an authentication token:

Send the POST /authenticate request with the following structure:

curl --request POST ''
--header 'Content-Type: application/json'
--data-raw '{

  "email": "",
  "password": "123Abcd!"
  1. In the request body, enter the email address and password you received from Surfsight.

    An authentication token is returned. This is the authentication token you will use for subsequent requests.


    The returned token is valid for twenty-four hours.

  2. In any subsequent request, include the authorization header, using the following structure:

    --header 'Authorization: Bearer ImahFWLZWFdD8VVcUtIED2YuOjPFlZpldQTE5tUqKdv'

    The following is an example of the GET /devices/{imei}/events request, with the token in the header.

    curl --request GET{imei}/events
    --header 'Content-Type: application/json'
    --header 'Authorization: Bearer ImahFWLZWFdD8VVcUtIED2YuOjPFlZpldQTE5tUqKdv'