IoT Open Basic

Basic course for IoT Open developers and integrators.

Chapter 4

“It doesn't matter how good your product solution is if users don't enjoy or understand how to use it.”
― Jay Samit

More about users and access

Users, access and roles will be covered more in depth in the advanced course, but the information in this chapter is enough to get you started.

Two ways to access IoT Open

Username and password

You can access IoT Open in two ways. The most common is username and password. When you log in with username and password you will get a session key that is used during the time you are logged in. Even though this token can be valid for a long time it is not lasting forever and therefore this is not a good way to authorize integrations and other tools.


One other alternative is using an API Key. It is almost the same thing as an access token, but it lasts until you remove it. When the API key is used, it always gets the same rights as the user it belongs to. Actually it IS the user that it is connected to.

Here's how to create an API Key

  • Log in to the standard user interface.
  • Navigate to your profile by clicking the account image in the top right corner.
  • Click on Security.
  • Click Create new API Key at the bottom.
  • Enter a name to identify the key.
  • Click Create.
  • The key should now be visible on screen. For security-reasons this key can not be shown again. If a key is needed again please remove the key and create a new one.

Go ahead and create one and remove it if you haven't done so already.

You will need to create more later on, when using Grafana, Node-RED and the Bash scripts. Also note that you can log in to the workbench with a token as well.

More about access

The API Key you just created is used instead of username and password to identify the user. That is a convenient way to use when integrating other systems to IoT Open because you don't have to reveal any passwords and also make it possible to revoke access for one integration while keeping other keys even though they use the same user account.