Authentication
Use the Authentication API endpoint to request a bearer token for other API endpoint requests, which is required if Access Control is enabled on the Q-SYS Core processor.
Variables are marked with curly brackets { } in request commands:
-
core-ip
: the Core's IP address -
bearer
: the token for/api
endpoints authentication
Note: If your client does not add the HTTP Host
header by default, it must be provided with each request. Otherwise, the request won't pass security checks, resulting in HTTP code 406 ("Not Acceptable").
With the correct user credentials, this request issues a new temporary Bearer token for /api
endpoint access. The token expires within 1 hour if the user does not perform any API requests with it. This expiration timeout is reset on every request.
curl -k -X POST https://{core-ip}/api/v0/logon \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
"username": "qrcm-user",
"password": "this-is-not-secure"
}'
Every subsequent request to the /api
endpoints must include this token in the Authorization header. For example:
curl -k -X GET https://{core-ip}/api/v0/cores/self/users \
-H "Accept: application/json"
-H "Authorization: Bearer {bearer}"
This request revokes a bearer token and prevents further /api
endpoint requests with it.
curl -k -X DELETE https://{core-id}/api/v0/logon \
-H "Authorization: Bearer {bearer}"