Authentication and Security

The Motus APIs use JWT tokens to authenticate and authorize users of the API. This guide walks you through obtaining and using tokens for API access.

Step 1: Get API Credentials

Contact Motus to create an API-enabled admin user for your organization. Once created, you will receive a username (loginId) and password.

Step 2: Obtain a JWT Token

Use your credentials to request a JWT token from the token service:

```bash
curl -X POST \
  https://token.motus.com/tokenservice/token/api \
  -H 'content-type: application/x-www-form-urlencoded' \
  -d 'loginId=YOUR_LOGIN_ID&password=YOUR_PASSWORD'
```

This will return a JWT token value that you can use for subsequent API calls.

Step 3: Make Authenticated API Calls

Include the JWT token in the Authorization header of all API requests:

```bash
curl -X POST \
  https://api.motus.com/v1/clientLocations \
  -H 'Authorization: Bearer YOUR_JWT_TOKEN'
```

Token Expiration

JWT tokens have an expiration date. You can inspect your token using standard JWT libraries to view the expiration time. Once expired, you'll need to obtain a new token by calling the token service again.

Token Validation

You should always validate that tokens have been signed properly. Motus issues JWT tokens signed with the RSA512 algorithm. Our public key is available in JSON Web Key format:

```bash
curl -O https://token.motus.com/tokenservice/pubkey.json
```

Use this key to validate the signature of all tokens issued by Motus.
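The signature and expiration checks described above can be sketched with the standard library alone. This is an added example, not Motus code. It assumes "RSA512" means the JWA algorithm RS512 (RSASSA-PKCS1-v1_5 with SHA-512) and that pubkey.json holds a single RSA JWK with `n` and `e` members. The key, the `demo_sign` helper and the tokens are constructed for the demo.

```python
import base64, hashlib, hmac, json, time
# DER DigestInfo prefix for SHA-512 (RFC 8017, section 9.2)
SHA512_PREFIX = bytes.fromhex("3051300d060960864801650304020305000440")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_sha512(message, k):
    """Expected k-byte EMSA-PKCS1-v1_5 encoding of message under SHA-512."""
    t = SHA512_PREFIX + hashlib.sha512(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs512(token, jwk, now=None):
    """Return the claims if token is RS512-signed by jwk and not expired."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm here; never let the token header select it.
    if not isinstance(header, dict) or header.get("alg") != "RS512":
        raise ValueError("unexpected alg")
    n, e = (int.from_bytes(b64url_decode(jwk[f]), "big") for f in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature")
    expected = emsa_pkcs1_sha512(f"{h64}.{p64}".encode(), k)
    if not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        raise ValueError("bad signature")
    # Parse and trust the claims only after the signature has checked out.
    claims = json.loads(b64url_decode(p64))
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

# Constructed demo key from two Mersenne primes: NOT a secure key, and not Motus's.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
DEMO_JWK = {"kty": "RSA", "n": b64url_encode(N.to_bytes(141, "big")), "e": "AQAB"}

def demo_sign(claims, alg="RS512"):  # stands in for the token service
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = head + "." + b64url_encode(json.dumps(claims).encode())
    sig = pow(int.from_bytes(emsa_pkcs1_sha512(body.encode(), 141), "big"), D, N)
    return body + "." + b64url_encode(sig.to_bytes(141, "big"))
```

A maintained JWT library configured to accept only RS512 performs the same checks; the point of the sketch is that the verifier, not the token header, decides which algorithm is acceptable.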