API key authentication - DMU801

DMU801 Kaiku HTTPS Reports API Description
Product status
Document code
M213354EN
Revision
A
ft:locale
en-US
Product
DMU801
Document type
Technical description

All requests require the X-Api-Key header with a Base64‑encoded API key:

X-Api-Key: <base64-encoded-api-key>

Encoding example

>>> import base64
>>> api_key_plain = "DEMO:SECRET_KEY"
>>> base64_encoded = base64.b64encode(api_key_plain.encode('utf-8')).decode('utf-8')
>>> print(base64_encoded)
REVNTzpTRUNSRVRfS0VZ

cURL example

curl --insecure -v -H "X-Api-Key: <base64-encoded-api-key>" \
  "https://station.example.com/api/application/https_server_1/reports/v1/reports"
If the request fails and you get no response, use the -v option in the cURL command to find out the HTTP status code.

DMU801 uses self‑signed HTTPS server certificates by default, which causes generic HTTPS clients like cURL to fail, because they do not trust the self‑signed certificate. As a workaround for prototyping or testing use, you can use a suitable option in the cURL command, for example --insecure. However, disabling the server authentication with the --insecure option is not safe for production use. For details on secure implementation for production‑grade clients, see Server authentication.

Security

  • API keys are encrypted at rest in the device configuration.
  • Always use HTTPS (TLS 1.2+).
  • Treat API keys as secrets. Do not hardcode in the source code.