Getting Started

Authentication Process

The Anyline Cloud API uses OAuth2.0 for authentication, which is the industry-standard protocol for authorization.

Requesting an Access Token:

To call the CloudAPI, you will require an access-token. Please follow the steps below to receive your token.

Required Credentials:

Before you receive an access-token, you will need to request the following credentials. * ClientID * ClientSecret

Please reach out to either your Account Executive or Customer Success Manager to request these credentials.

Use these Credentials to request an Access-Token:

Upon receiving these credentials, the next step is to make a POST request to our Domain with the following parameters:

  • grant_type: Set this to 'client_credentials'.

  • client_id: Set this to the application’s Client ID.

  • client_secret: Set this to the application’s Client Secret.

  • audience: Set this to 'https://prod.cloud-api.anyline.com'.

  • scope: E.g. for the Tiresidewall use-case, set it to 'cloudapi:tiresidewall'.

Here is an example for CURL:

curl --request POST \
  --url https://auth.anyline.com/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"YOUR-CLIENT-ID","client_secret":"YOUR-CLIENT-SECRET","audience":"https://prod.cloud-api.anyline.com","grant_type":"client_credentials","scope":"cloudapi:tiresidewall"}'
The response will contain your access_token.

Use the Access-Token to call the CloudAPI:

To authenticate your API calls with the Access-Token, send the Access-Token in Authorization Header by including it in the 'Authorization' header of your HTTP requests.
Use the 'Bearer' schema:

curl --request POST \
  --url https://api.anyline.com/v2/tiresidewall \
  --header 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  --data '{image: "yourBase64Image"}'

Replace 'YOUR_ACCESS_TOKEN' with the actual Access-Token you received from the previous step.

The Access-Token is a standard JWT. It is valid for 24h so you need to do this flow only on new devices or if the token.exp is expired. As a best-practise, you should cache and reuse the Access-Token till it’s expired. This will also speed up the calls, if not on every call a new Access-Token is fetched.

Make Your API Calls:

Now you are ready to make your API calls. All necessary information about how to call the API can be found in the accompanying API documentation for the latest release of the CloudAPI.

Best Practices for Securely Handling Credentials and JWTs

When integrating with any API, especially those dealing with sensitive data or operations, it’s crucial to handle authentication credentials and tokens with the utmost care. This section provides an overview of best practices for securely managing your ClientID, ClientSecret, and JWTs to prevent unauthorized access and ensure the integrity of your application.

Understanding the Risks:

ClientID & ClientSecret: These are essentially the username and password that your application uses to authenticate with the Anyline Cloud API. If these are exposed, an attacker could potentially consume your resources.

Never expose these Client Credentials publicly (Public repositories, Frontend Applications or similar).

JWT (Access-Token): While JWTs are short-lived, they are powerful. An exposed token can allow an attacker to perform operations on behalf of your application until it expires.

In the Anyline Cloud API, JWTs are valid for exactly 24 hours to facilitate Machine-to-Machine (M2M) communication. However, to further enhance security, these should ideally be managed and stored exclusively in your backend. This approach not only secures the JWT but also allows you to implement additional layers of security by generating short-lived tokens for your frontend to backend communication, minimizing potential exposure and risk.

General Recommendations:

Store Credentials Securely: Always store your ClientID and ClientSecret in a secure and encrypted server-side environment. Environment variables or secrets management services are typically used for this purpose.

Secure Transmission: Always use HTTPS to encrypt communications between your client and server, and between your server and the Anyline Cloud API.

Limit Access: Only the parts of your application that absolutely need to access these credentials should be able to. Implement strict access controls and regularly audit who and what has access.

For enhanced security measures, consider incorporating specific mechanisms such as Cross-Origin Resource Sharing (CORS), Cross-Site Request Forgery (CSRF) protection, and rate limiting into your application. Each provides a targeted defense strategy, collectively strengthening the overall security posture of your system.