Overview

This article will explain how you can authorize your API requests.

Authorization Types

The REST API supports 2 methods of obtaining a bearer token; via an API Token, or using the OAuth 2 Authorization Code.

There are various benefits to either approach, but it really depends on your target use case.

API Token	OAuth 2 Authorization Code
Designed for individual users	Designed for integrators and businesses
You can only access the devices registered in your Nuki Web account	You can request access to the devices in other Nuki Web accounts
Simple to create and setup; ideal for users with less technical experience	More complicated to setup
Do not expire; if they fall into the wrong hands, they can be exploited, just like a password	Generated access tokens expire periodically, increasing security

Note

If you are offering an integration to third-parties, you must use the OAuth 2 Authorization Code.

Take a more detailed look at the dedicated article for each type:

• API Tokens
• OAuth 2 Authorization Code