Authentication
This API uses OAuth2 Client Credentials for business-to-business access.
Keep credentials secure
Treat your client_secret like a password. Do not embed it in client-side apps or expose it in logs.
OAuth2 Client Credentials Flow
Partners authenticate using the OAuth2 Client Credentials grant type (M2M, no user login). Currently, you will be issued:
- client_id - your unique identifier
- client_secret - your secret key (treat like a password)
- token_endpoint - the URL to exchange credentials for an access token
Portal access coming soon
Soon you will be able to access and manage these credentials directly in the Viana partner portal.
Step 1: Get an access token
```http
POST {token_endpoint}
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
```
Response:
```json
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 300,
  "token_type": "Bearer"
}
```
Step 2: Use the token in API requests
Include the token in every API request as a Bearer token in the Authorization header:
```http
GET /api/v1/devices/status
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
```
Token expiry and refresh
- Tokens expire after the period shown in expires_in (seconds). Request a new token before it expires.
- There is no refresh token in the client credentials flow. Re-request a token using your credentials.
- Recommended: cache the token and re-request when it has less than 30 seconds remaining.
Operational recommendation
Use centralized token management in your integration service so all API calls share one valid cached token.
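A shared token cache that applies the 30-second refresh margin recommended above, as an added example (not Viana's code). The names fetch_token and TokenCache are hypothetical, and the fetch callable and clock are injectable so the expiry logic can be exercised without a network call.

```python
import json
import threading
import time
import urllib.parse
import urllib.request

REFRESH_MARGIN_SECONDS = 30  # re-request when less than this remains


def fetch_token(token_endpoint, client_id, client_secret):
    """POST the client-credentials form (Step 1) and return the parsed JSON response."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # sent in the body only; never logged here
    }).encode()
    req = urllib.request.Request(
        token_endpoint, data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """One cached token shared by every caller in the integration service."""

    def __init__(self, fetch, clock=time.monotonic):
        self._fetch = fetch  # zero-argument callable returning the token response dict
        self._clock = clock
        self._lock = threading.Lock()
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:  # concurrent callers wait for one refresh instead of each requesting
            remaining = self._expires_at - self._clock()
            if self._token is None or remaining < REFRESH_MARGIN_SECONDS:
                issued = self._clock()  # stamp before the request so expiry errs on the early side
                resp = self._fetch()
                if resp.get("token_type", "").lower() != "bearer":
                    raise ValueError("unexpected token_type in token response")
                self._token = resp["access_token"]
                self._expires_at = issued + int(resp["expires_in"])
            return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}
```

In a service, construct one instance at startup, for example TokenCache(lambda: fetch_token(endpoint, client_id, client_secret)), with the secret loaded from a secret store or environment variable rather than source code.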
Network access scoping
Your token automatically contains a network_ids claim that restricts which data you can see. This is configured by Viana during onboarding; you do not need to pass network IDs in requests.