All Resgrid API calls are authenticated via the standard HTTP Basic Auth. There are 2 forms of authentication tokens utilized by Resgrid API calls, User Auth Tokens and System Auth Tokens. You can see below for more detail information on each auth token type. You can all the Resgrid API via HTTP or HTTPS. We highly recommend utilizing HTTPS for all clients that will support it.
The User Authentication Token is a Base64 encoded string that is a pipe delimited list of "UserName|DepartmentId|DepartmentCode". For example "UserName|DepartmentId|DepartmentCode" turns into "VXNlck5hbWV8MXxBQkNE". The User Authentication Token is used for API calls that are intended to be consumed by user facing applications and tools, for example a Mobile App or a website. In this scenario the user should supply your application with their Username, Department Id and Department Code to create the string.
The v3 API calls have a brand new authentication token and authentication scheme compared to the v1 and v2 API's. You can figure out which API version you calling by the "v#" text in the URL.
To call v3 API's you need to first generate an authentication token with the Resgrid API. You can accomplish this by calling the Auth Validate method. You supply your username and password into this call. What will be returned is some data about the authenticated user and 2 important token related pieces of data. The Tkn value is the token you need to pass in all subsequent calls to the v3 API's and Txd is the Token Expiry Date. Your token expires on that date time and you will need to re-authenticate with the API.
The Token is passed in the Authentication header as a Basic value.
The System Authentication Token is a Base64 encoded string that is the API Token that comes from your Department Settings API page.
Here is an example request using cURL sending a Base64 encoded User Auth Token.
$ curl https://api.resgrid.com/api/v2/State/GetCurrentState \ -u VXNlck5hbWV8MXxBQkNE:
curl uses the -u flag to pass basic auth credentials (adding a colon after your API key will prevent it from asking you for a password).