Get Credentials

Get credentials to use the API

ThingSpace platform credentials and tokens

You need an API Token to send API requests through the ThingSpace Platform. If you haven’t registered or signed in, you won’t have access to your token to use in your application or with the API console. You must register and sign in to be able to get keys and generate tokens to send real API requests.

Obtain a ThingSpace token programmatically

Your application must send an API token in the header of every API request. We use the OAuth2 “client credentials” grant type, and we require that the application key and secret are Base64 encoded. To obtain an API token:

  1. Sign in to thingspace.verizon.com.
  2. On the home page, click My Keys. (Or from any page in the site, click your avatar–or the Gravatar icon if you don’t have an avatar–and then click “Key Management” to go to your keys page.)
  3. Copy the key and the secret and store them in a secure place for your application to use.
  4. Concatenate the key and the secret, with a colon between them, like this:
    my_key_value:my_secret_value
  5. Encode the entire string in Base64 format. (To learn more about encoding in Base64 format, visit https://www.base64encode.org/.)
  6. Send a POST request to https://thingspace.verizon.com/api/ts/v1/oauth2/token with the encoded string in the header.
    Curl Example:
    curl -X POST -d "grant_type=client_credentials" -H "Authorization: Basic BASE64_ENCODED_APP_KEY_AND_SECRET" -H "Content-Type: application/x-www-form-urlencoded" "https://thingspace.verizon.com/api/ts/v1/oauth2/token"

The response will contain a token that you must include in the header of all Device Location API requests. The token will be valid for one hour from when it was first issued, and any further token requests during that hour will return the same token.

You can revoke a token with this request format (user your token in place of TokenToRevoke), and then the next token request will return a new token:

curl -i -X POST -H "Authorization: Basic BASE64_ENCODED_APP_KEY_AND_SECRET" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=client_credentials&token=TokenToRevoke" "https://thingspace.verizon.com/api/ts/v1/oauth2/revoke"

The response contains the revoked token in the header; there is no response body.