Authentication and Security

The Motus APIs use JWT tokens to authenticate and authorize users of the API. To obtain a JWT token, first contact Motus to create an API-enabled admin user. Once you have the username and password for the user, make the following call to obtain a JWT token:

```
curl -X POST \
  https://token.motus.com/tokenservice/token/api \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'loginId=176818&password=XXXX'
```

That call returns a JWT token value, which you pass in the `Authorization` header of your API call:

```
curl -X POST \
  https://api.motus.com/v1/clientLocations \
  -H 'Authorization: Bearer <fill in jwt value here>'
```

The JWT token can be inspected using standard JWT libraries. This will allow you to view the expiration date of the token. Once the token has expired, you will need to obtain a new one by calling the token service again.

You should always validate that the token you received has been signed properly. Motus issues JWT tokens signed with the RSA512 algorithm, and our public key can be obtained in JSON Web Key format by calling

```
curl -O https://token.motus.com/tokenservice/pubkey.json
```

You may use the key to validate the signature of all tokens issued by Motus.
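
The signature and expiration checks described above, as an added example that is not Motus code; a maintained JWT library performs the same checks. It assumes that `pubkey.json` holds a single RSA JWK with `kty`, `n` and `e`, that "RSA512" means the JWS algorithm `RS512` (RSASSA-PKCS1-v1_5 with SHA-512), and that tokens carry an `exp` claim. All function names are hypothetical, and `constructed_token` builds a throwaway demo key and token so the check can be exercised offline.

```python
import base64, hashlib, hmac, json, time

# ASN.1 DigestInfo prefix for SHA-512 (RFC 8017, section 9.2)
SHA512_PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def encoded_message(signing_input, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-512(signing_input), k bytes long."""
    t = SHA512_PREFIX + hashlib.sha512(signing_input.encode()).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs512(token, jwk, now=None):
    """Return the claims if token is RS512-signed by jwk and not expired."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        alg, sig = json.loads(b64d(head_b64))["alg"], b64d(sig_b64)
        claims = json.loads(b64d(body_b64))
    except (ValueError, TypeError, KeyError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm and key type; never let the token header choose them.
    if alg != "RS512" or jwk.get("kty") != "RSA":
        raise ValueError("unexpected algorithm or key type")
    n = int.from_bytes(b64d(jwk["n"]), "big")
    e = int.from_bytes(b64d(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        raise ValueError("bad signature length")
    # Rebuild the expected encoded message and compare it whole, no parsing.
    actual = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if not hmac.compare_digest(actual, encoded_message(f"{head_b64}.{body_b64}", k)):
        raise ValueError("signature mismatch")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

def constructed_token(header, claims):
    """Constructed demo only: toy key from two Mersenne primes, not secure."""
    p, q, e = 2**521 - 1, 2**607 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    signing_input = b64e(json.dumps(header).encode()) + "." + b64e(json.dumps(claims).encode())
    sig = pow(int.from_bytes(encoded_message(signing_input, k), "big"), d, n)
    jwk = {"kty": "RSA", "n": b64e(n.to_bytes(k, "big")), "e": b64e(e.to_bytes(3, "big"))}
    return signing_input + "." + b64e(sig.to_bytes(k, "big")), jwk
```

With the real service, `jwk` would be the parsed contents of the downloaded `pubkey.json` and `token` the value returned by the token call.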