In case you find any situation (possible attack scenario) which doesn’t conform to this document, please notify us immediately. The purpose here is pure technical, for a legal text go to our SDK Agreement.
An API operation (read, list, create, etc.) can be:
- unrestricted - the operation is allowed to anyone. Resources under such control are considered public.
- restricted-to-license - the operation on a resource is allowed to anyone who has a valid license for that resource. These are usually b2c operations.
- restricted-to-partner - the operation on a resource is allowed only to the administrator of a 3rd-party application. These are usually b2b operations.
- admin-only - the operation is only available to some of our employees (and maybe contracted partners).
- All API access must go over HTTPS. This is true for mobile clients as well.
- We employ both session and token authentications. B2B/server-server operations must authenticate with token, while human-server operations must authenticate with session.
- Some operations are seemingly unrestricted, but you have to know a license key to retrieve/change anything.
- Our SDK does not keep record of your users, they are identified by their license key.
This entity represents the measurement application you develop.
All operations on an existing application is restricted-to-partner. This includes:
- viewing/modifying the API token
- viewing the details of an application.
This entity represents an allowance to use Notch sensors.
|Enumerate||restricted-to-partner||Must list only licenses that were purchased by the given partner.|
|Create||restricted-to-partner||Creating = purchasing a new one.|
During activation the Notch sensor is authorized to make measurements with a given license key. This is a code exchange process initiated by our SDK.
Here is the sensor network represented (how devices communicate). This entity is managed by our mobile SDK.
|Enumerate||admin||only not supported operation|
This one is tricky, as it’s not represented on our public API, but some details must be available to the measurement SDK. The following details are unrestricted:
- mac address
- product versions (hw/sw versions, version strings)
- calibration information
In some cases we want to hear about the sensor status. Re-reporting calibration data is restricted-to-license.