
HEMS uses Bearer Token authentication. All API requests require a valid JSON Web Token (JWT).

Organization Credentials

Upon registration, you will receive:

  • Client ID: A unique public identifier for your organization.
  • Client Secret: A confidential key used to acquire access tokens.

Warning: Never share your Client Secret in client-side code, public repositories, or with unauthorized personnel.

Acquiring an Access Token

To interact with the HEMS API, you must first exchange your credentials for a short-lived access token using the OAuth 2.0 Client Credentials flow.

Request

POST /oauth/token

Authentication is done via HTTP Basic Auth — pass your client_id as the username and client_secret as the password.

curl -i -X POST \
  -u <client_id>:<client_secret> \
  https://api-hems.obeliskapp.com/oauth/token \
  -H 'Content-Type: application/json' \
  -d '{"grant_type": "client_credentials"}'

Response

{
  "access_token": "eyJh...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Authentication Headers

All protected requests must include the Authorization header:

Authorization: Bearer <your_access_token>

Note: Access tokens are valid for 1 hour. After expiry, request a new token using your Client ID and Client Secret.
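The token exchange, Authorization header and one-hour expiry described above, combined into a small client-side token cache. This is an added example, not HEMS's own code: `TokenCache`, the `HEMS_CLIENT_ID` / `HEMS_CLIENT_SECRET` environment variable names and the 60-second renewal margin are assumptions.

```python
import base64, json, os, time, urllib.request

TOKEN_URL = "https://api-hems.obeliskapp.com/oauth/token"  # endpoint from the page

def build_token_request(client_id, client_secret):
    """Headers and body for POST /oauth/token (Basic auth + JSON grant)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/json"}
    return headers, json.dumps({"grant_type": "client_credentials"}).encode()

def http_post(url, headers, body):
    """Real transport; HTTPS certificate checks stay at urllib's defaults."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Holds one access token and renews it shortly before it expires."""

    def __init__(self, client_id, client_secret, post=http_post,
                 clock=time.monotonic, skew=60):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at:
            headers, body = build_token_request(self._id, self._secret)
            data = self._post(TOKEN_URL, headers, body)
            if (str(data.get("token_type", "")).lower() != "bearer"
                    or not data.get("access_token")):
                # Do not log `data` or the request headers: both carry secrets.
                raise ValueError("unexpected token response")
            self._token = data["access_token"]
            lifetime = int(data.get("expires_in", 0))
            # Renew `skew` seconds early so a request never carries a stale token.
            self._expires_at = self._clock() + max(lifetime - self._skew, 0)
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.token()}"}

if __name__ == "__main__":
    # Assumed variable names; the secret comes from the environment, not source.
    cache = TokenCache(os.environ["HEMS_CLIENT_ID"], os.environ["HEMS_CLIENT_SECRET"])
    print("token acquired, header name:", next(iter(cache.auth_header())))
```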