If you find any situation (a possible attack scenario) that does not conform to this document, please notify us immediately. This document is purely technical; for the legal text, see our SDK Agreement.
Controls
An API operation (read, list, create, etc.) can be:
- unrestricted - the operation is allowed to anyone. Resources under such control are considered public.
- restricted-to-license - the operation on a resource is allowed to anyone who has a valid license for that resource. These are usually b2c operations.
- restricted-to-partner - the operation on a resource is allowed only to the administrator of a 3rd-party application. These are usually b2b operations.
- admin-only - the operation is only available to some of our employees (and maybe contracted partners).
General rules
- All API access must go over HTTPS. This is true for mobile clients as well.
- We employ both session and token authentication. B2B/server-server operations must authenticate with the token, while human-server operations must authenticate with the session.
- Some operations are seemingly unrestricted, but you have to know a license key to retrieve/change anything.
- Our SDK does not keep a record of your users; they are identified by their license key.
Resources
Application
This entity represents the measurement application you develop.
All operations on an existing application are restricted-to-partner. This includes:
- viewing/modifying the API token
- viewing the details of an application.
Operation | Intention | Note |
Enumerate | admin-only | - |
View | restricted-to-partner | - |
Create | restricted-to-partner | - |
Modify | restricted-to-partner | - |
Delete | admin-only | - |
License
This entity represents an allowance to use Notch sensors.
Operation | Intention | Note |
Enumerate | restricted-to-partner | Must list only licenses that were purchased by the given partner. |
View | restricted-to-license | - |
Create | restricted-to-partner | Creating = purchasing a new one. |
Modify | restricted-to-partner | - |
Delete | restricted-to-partner | - |
Activation
During activation, the Notch sensor is authorized to make measurements with a given license key. This is a code exchange process initiated by our SDK.
Operation | Intention | Note |
Enumerate | restricted-to-partner | - |
View | restricted-to-partner | - |
Create | restricted-to-license | - |
Modify | admin-only | - |
Delete | admin-only | - |
License Network
This entity represents the sensor network (how devices communicate). It is managed by our mobile SDK.
Operation | Intention | Note |
Enumerate | admin-only | The only operation that is not supported. |
View | restricted-to-license | - |
Create | restricted-to-license | - |
Modify | restricted-to-license | - |
Delete | restricted-to-license | - |
Notch Device
This one is tricky, as it’s not represented on our public API, but some details must be available to the measurement SDK. The following details are unrestricted:
- MAC address
- product versions (HW/SW versions, version strings)
- calibration information
In some cases, we want to hear about the sensor status. Re-reporting calibration data is restricted-to-license.
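The access rules above, expressed as a deny-by-default check that can drive conformance tests against an API implementation. This is an added example, not code from the SDK: `Caller`, `Target`, `is_allowed` and their fields are hypothetical, the caller fields are assumed to be already verified by the authentication layer, and scoping every partner operation to the owning partner is an assumption (the page states it only for License enumeration).

```python
import hmac
from dataclasses import dataclass
from typing import Optional

P, L, A = "restricted-to-partner", "restricted-to-license", "admin-only"
OPS = ("enumerate", "view", "create", "modify", "delete")
# Transcribed from the Operation/Intention tables on this page.
MATRIX = {
    "application":     dict(zip(OPS, (A, P, P, P, A))),
    "license":         dict(zip(OPS, (P, L, P, P, P))),
    "activation":      dict(zip(OPS, (P, P, L, A, A))),
    "license_network": dict(zip(OPS, (A, L, L, L, L))),
}
# General rule: B2B callers use the token, humans use the session.
REQUIRED_AUTH = {"b2b": "token", "human": "session"}

@dataclass(frozen=True)
class Caller:  # hypothetical request context, not an SDK type
    channel: str = "sdk"               # "b2b", "human" or "sdk"
    auth: Optional[str] = None         # "token", "session" or None
    partner_id: Optional[str] = None
    license_key: Optional[str] = None
    is_admin: bool = False

@dataclass(frozen=True)
class Target:  # hypothetical view of the resource being touched
    owner_partner: Optional[str] = None
    license_key: Optional[str] = None

def is_allowed(caller, resource, op, target=Target(), https=True):
    if not https:
        return False                   # all API access must go over HTTPS
    control = MATRIX.get(resource, {}).get(op)
    if control is None:
        return False                   # unknown resource or operation: deny
    need = REQUIRED_AUTH.get(caller.channel)
    if need is not None and caller.auth != need:
        return False                   # wrong credential type for the channel
    if control == A:
        return caller.is_admin
    if control == P:
        # Assumption: partner operations on an existing resource are scoped
        # to the partner that owns it (stated on the page for License/Enumerate).
        return caller.partner_id is not None and (
            op == "create" or target.owner_partner == caller.partner_id)
    # restricted-to-license: the caller must present the resource's key.
    key, want = caller.license_key, target.license_key
    return bool(key and want) and hmac.compare_digest(key.encode(), want.encode())
```

Running the same table against a staging API (one request per resource, operation and caller type) shows where the implementation grants more than this document allows.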