Attention please

All REST API requests must be made over HTTPS. Connections made using HTTP will be refused.

Each API endpoint is secured by authentication. This ensures that your data can only be accessed by valid (authenticated) clients.

Personal access token authentication

A personal access token (PAT) is a string value passed by a client application to the API endpoints. The token uniquely identifies the client application and the customer, and it impersonates the user, thus granting the user's rights and customer contexts to the application.

Create a new personal access token

A new personal access token has to be generated using the tesma web UI found at https://tesma.com. After logging in, the user must go to their profile settings and select the tab Personal access tokens. Here a new, cryptographically random personal access token can be generated.

After creating the token, the user receives an email containing the link to activate the personal access token. This is mandatory for regulatory and security reasons.

Use the personal access token

The application developer embeds the personal access token in the client application by using the header X-API-KEY. The client application must present the PAT with each request. API services verify the personal access token before permitting the application's request.

{
  "method": "GET",
  "url": "https://api.tesma.com/v1/metadata/manufacturers",
  "headers":{
    "X-API-KEY": "4uT3BxjGpiKpeTYe1Y3j343xjVZGXRvkKf0WtyGPsJGnTlIQtIEDJdFFvOwyU2s6iMwEsule79e5"
  }
}

Define Corporate-Group-Name

The personal access token is only valid in combination with the related CorporateGroup-Name key and value in the header of the request.

Error code 401 Unauthorized

Requests that cannot be authenticated will return a 401 Unauthorized error response. If you are receiving a 401, check:

  • is your X-API-KEY header being sent?
  • is your X-API-KEY header formatted properly?
  • are you using a valid, active API token?
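
The HTTPS rule and the 401 checklist above can be checked on the client before a request leaves the machine. The following is an added example, not part of the tesma documentation: the function names, the TESMA_PAT environment variable and the whitespace/quote check are assumptions, and the corporate group header name is passed in by the caller.

```python
import os
import urllib.request
from urllib.parse import urlsplit

API_KEY_HEADER = "X-API-KEY"  # header name from the page


def preflight(url, headers):
    """Return a list of problems that would lead to a refused or 401 request."""
    problems = []
    if urlsplit(url).scheme.lower() != "https":
        problems.append("URL is not HTTPS")
    # Header names are case-insensitive on the wire, so match accordingly.
    token = next((v for k, v in headers.items() if k.upper() == API_KEY_HEADER), None)
    if token is None:
        problems.append("X-API-KEY header is missing")
    elif not token:
        problems.append("X-API-KEY header is empty")
    elif any(c.isspace() or c in "\"'" for c in token):
        # Assumption: a token never contains whitespace or quote characters;
        # these usually come from copy/paste or a config file.
        problems.append("X-API-KEY value contains whitespace or quotes")
    return problems


def build_request(url, token, group_header=None, group_value=None):
    """Build (but do not send) an authenticated GET request."""
    headers = {API_KEY_HEADER: token}
    if group_header:  # corporate group header name is supplied by the caller
        headers[group_header] = group_value or ""
    problems = preflight(url, headers)
    if problems:
        raise ValueError("; ".join(problems))
    return urllib.request.Request(url, headers=headers, method="GET")


def redact(token):
    """Short form of the token that is safe to write to logs."""
    return token[:4] + "..." if len(token) > 8 else "***"


if __name__ == "__main__":
    # TESMA_PAT is a hypothetical environment variable name; reading the
    # token from the environment keeps it out of source control.
    pat = os.environ.get("TESMA_PAT", "")
    try:
        req = build_request("https://api.tesma.com/v1/metadata/manufacturers", pat)
        print("ready:", req.full_url, "token", redact(pat))
    except ValueError as err:
        print("not sent:", err)
```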