
Authentication

HEMS uses Bearer Token authentication. All API requests require a valid JSON Web Token (JWT).

Organization Credentials

Upon registration, you will receive:

  • Organization ID: A unique identifier for your entity.
  • Organization Secret: A confidential key used to sign requests and acquire access tokens.

Warning: Never share your Organization Secret in client-side code, public repositories, or with unauthorized personnel.

Acquiring an Access Token

To interact with the HEMS API, you must first exchange your Organization ID and Organization Secret for a short-lived bearer token.

Request

POST /organization/auth/token

{
  "organizationId": "your_org_id",
  "secret": "your_org_secret"
}

Response

{
  "accessToken": "eyJh... (JWT)",
  "expiresIn": 3600,
  "scope": ["Devices", "Users"]
}

Scopes

HEMS uses granular scopes to restrict access. Common scopes include:

  • Users: Ability to list and manage user accounts.
  • Devices: Access to monitor and control energy devices.

Authentication Headers

All protected requests must include the Authorization header:

Authorization: Bearer <your_access_token>
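The following is an added example, not code from HEMS: a server-side client that exchanges the credentials at POST /organization/auth/token, caches the token until shortly before expiresIn elapses, and builds the Authorization header. The host in BASE_URL, the environment variable names, the JSON Content-Type, the 60-second renewal margin and the client-side scope check are assumptions, not part of the HEMS documentation.

```python
import json
import os
import time
import urllib.request

BASE_URL = "https://hems.example.invalid"  # placeholder: the page gives no host


def http_post_json(url, payload):
    """POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json"},  # assumed content type
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenProvider:
    """Caches the bearer token and renews it shortly before expiresIn elapses."""

    def __init__(self, org_id, secret, post=http_post_json, clock=time.monotonic, margin=60):
        self._creds = {"organizationId": org_id, "secret": secret}
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._scope, self._renew_at = None, (), 0.0

    def _refresh(self):
        body = self._post(BASE_URL + "/organization/auth/token", self._creds)
        self._token = body["accessToken"]
        self._scope = tuple(body.get("scope", ()))
        self._renew_at = self._clock() + max(body["expiresIn"] - self._margin, 0)

    def auth_header(self, required_scope=None):
        if self._token is None or self._clock() >= self._renew_at:
            self._refresh()
        if required_scope and required_scope not in self._scope:
            raise PermissionError(f"token lacks scope {required_scope!r}")
        return {"Authorization": f"Bearer {self._token}"}

    def __repr__(self):  # keep the secret out of logs and tracebacks
        return f"TokenProvider(org={self._creds['organizationId']!r})"


def provider_from_env():
    # HEMS_ORG_ID and HEMS_ORG_SECRET are hypothetical variable names.
    return TokenProvider(os.environ["HEMS_ORG_ID"], os.environ["HEMS_ORG_SECRET"])
```

Reading the secret from the environment keeps it out of source control, and caching the token means the secret crosses the network only once per token lifetime.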