LogoLogo
Insights
  • Introduction
  • A standard integration
  • FAQ
    • FAQ
      • Integration (FAQ)
      • Detections (FAQ)
      • Data interface (FAQ)
      • Security, Privacy and Terms of Service (FAQ)
      • Journeys and Insights (FAQ)
  • SDK
    • Getting Started
      • Android Quick Start
        • 1. Android Checklist
        • 2. Including the SDK
        • 3. Configuration
          • Sample Notification
        • 4. Initialization
        • 5. Starting Detections
        • 6. SDK Status Updates
        • 7. Permissions
        • 8. What's Next
      • iOS Quick Start
        • 1. iOS Checklist
        • 2. Installation
          • Installation with CocoaPods
          • Installation with Carthage
          • Manual Installation
        • 3. Configuration
          • Using Integration Guide
          • Manual Configuration
        • 4. Usage
        • 5. Tips and Guidelines
        • 6. What's Next
      • React Native Quick Start
        • 1. React Native Checklist
        • 2. Installation
        • 3. Configuration
        • 4. Initialization
        • 5. Usage
        • 6. What's Next
    • Appendix
      • Android
        • Android 10 Update Behavior
        • Android Battery Optimization
        • External SDK Dependencies
        • Manifest Permissions
        • Notification Management
      • iOS
        • App Store Privacy Section
        • App Store Release
        • iOS 13 permission changes
        • M1 Simulator Support
        • Swift Support
      • Control Sending Data
      • Controlled Detections
        • Automatic Detections
        • Automatic Detections with Forced Trips
        • Controlled Trips Only
        • Checking Trip Status
      • Custom User Metadata
      • Detecting Vehicle Crashes
      • Migration Guide
        • Android
        • iOS
      • React Native
      • SDK Initialization
      • User Credentials
      • User Linking
      • Xamarin
    • API Reference
      • Android
        • VehicleCrashDetection
          • VehicleCrashEvent
          • VehicleCrashListener
          • CrashCallback
        • InitState
        • MetaUserLinker
        • MetaUserLinkerAsync
        • MetaUserLinkerCallback
        • OnInitCallback
          • InitIssue
        • OnSdkStatusUpdateHandler
        • OnStartFinishedHandler
        • PoiAddress
        • PoiLocation
        • PointOfInterest
        • PoiPlace
        • ResetCallback
          • ResetFailureReason
        • SdkConfig
          • Builder
        • SdkException
        • SdkStatus
          • LocationSetting
          • Quota Status
          • StartStatus
        • Sentiance
        • SubmitDetectionsCallback
        • StationaryInfo
        • Token
        • TokenResultCallback
        • Trip
          • StartTripCallback
          • StopTripCallback
          • TransportMode
          • TripTimeoutListener
          • TripType
        • TripInfo
        • TripProfile
          • HardEvent
          • TransportSegment
          • VehicleMode
        • TripProfileConfig
          • Builder
        • TripProfileListener
        • UserActivity
        • UserActivityListener
        • UserActivityType
      • iOS
        • MetaUserLinker
        • SENTSDK
          • SENTSDKStatus
          • SENTPublicDefinitions
        • SENTConfig
        • SENTTripProcessingTripProfile
          • SENTTripProcessingTransportSegment
          • SENTTripProcessingHardEvent
          • SENTTripProcessingVehicleMode
        • SENTVehicleCrashEvent
      • React Native
    • Battery Optimization
    • How To
      • Check the Location Permissions
    • Troubleshooting
      • Android
      • iOS
        • Bundle format unrecognized, invalid, or unsuitable
        • Error: Undefined symbols for architecture arm64
    • Changelog
      • Android
      • iOS
  • Important topics
    • Authentication and Authorization
    • User linking
    • PlayStore Location Access Review
    • Privacy Report & Dashboard
    • Vehicle Crash Detection
  • Library
    • Events
    • Moments
    • Segments
    • Glossary
  • Backend
    • GraphQL
    • REST API Reference
      • Error Codes (REST API)
    • Offloads
    • Data Reference
      • Data Reference A-B
      • Data Reference C-G
      • Data Reference H-L
      • Data Reference M-P
      • Data Reference Q-T
      • Data Reference U-Z
  • Data Explorer
    • Data Explorer
      • Global (EU)
      • US
      • Australia
  • Guide
    • Firehose
    • Verifying your integration
    • SDK Standard License
    • Journeys License
    • Journeys Application
    • Journeys Privacy Policy
    • Technical & Organizational Measures
Powered by GitBook
On this page
  • User Tokens
  • API Keys
  1. Important topics

Authentication and Authorization

PreviousiOSNextUser linking

Last updated 1 year ago

This document refers to deprecated parts of the platform and has been left intact to help customers with legacy integrations. In order to access the latest platform features and documentation, please go to https://docs.sentiance.com.

The Sentiance Backend speaks REST and GraphQL, both of which share the same authentication mechanism.

An authorization header with content Bearer <token> authenticates and authorizes your request. Based on what kind of token is supplied, the level of access is determined and could affect the functionality of various calls.

Example:

Authorization: Bearer e5c3b842284045d98ed042814f31543f

User Tokens

SDKUsers are created when the . They have a userID and are only authenticated by their token. You can .

API Keys

API Keys are **** a revocable, rotatable, scopeable key with which to query the API**.**

API Keys are generated on-demand with a name, scope, and expiry date and are disclosed to the creator only once. Please ensure the API Key is immediately stored somewhere secure.

API Keys should be stored securely and should never be shared outside your company. A Sentiance employee will never ask for your API Key(s). Any leaked key (even to Sentiance employees) will immediately be revoked and flagged as a security incident.

Name

A name can be given by the developer generating the key. The name is for visual purposes only and has no operational impact. Choose a name that would help you identify the key.

Scopes

Scopes allow you to specify what operations an API Key can perform. Currently, we offer 3 different scopes: user.read, _user.delete _ and user.link. We strongly suggest that you use multiple API Keys with limited scopes for different operations.

Scope
Description

user.read

Use this scope to read user data. This scope should be used with the GraphQL and Rest APIs that are exposed by the sentiance platform to read user data.

user.delete

user.link

Self-Expiring

For increased security, API Keys are self-expiring. The expiry time is 1 year (recently changed from 90 days) from time of creation. After 1 year, the old API Key will stop working and a new one will have to be created. We allow up to 10 active API Keys at any given time, per app. An active key is one that hasn't been revoked or expired.

Please make sure you add the renewal of API Keys to your existing maintenance process and keep track of expiry dates. Developers on your account will receive a reminder e-mail two weeks before the expiry date and one week before the expiry date.

Manage Your Own API Keys

Most of our clients are based on our European platform (even US and Australian clients) at https://insights.sentiance.com. If you are using our US-based or Australian-based platform, please use respectively https://insights.d4.sentiance.com and https://insights.e6.sentiance.com.

Use this scope to delete a user along with all historical data. This scope should be used with the .

Use this scope to link third party users with a sentiance user. This scope should be used with the .

You can manage your own API Keys from our developer portal. Our developer portal has all the tools you need, including a full history of API Keys created, revoked or expired. See it in action

here.
user delete API
user link API
SDK initializes with an App ID and App Secret
retrieve this token from an initialized SDK
API Key scopes