We are enhancing the authentication mechanism for the KODE OS Public API by introducing OAuth 2.0. This update brings stronger security, flexible access controls, and greater visibility for integrations built on our API platform.
The new OAuth 2.0 authentication framework enables developers to authenticate securely using service accounts and control access with fine-grained permissions. This upgrade offers a scalable, secure, and enterprise-ready API platform that adheres to industry-leading standards.
OAuth 2.0 Authentication: Token-based access via industry-standard authorization protocol
Service Accounts: Create dedicated credentials for each integration or service
Granular Permission Control: Define exact access scopes for services and data types
Scoped Access by Building: Restrict or enable access per building, offering precise control over environments
Centralized Account Management: All service accounts can be managed through Launchpad
Versioned API Structure: Updated all endpoints to follow a standardized /api/v1/ path format for clarity and long-term maintainability.
Read Buildings (required for all other scopes)
Read/Add Devices
Read Building Areas
Read/Add/Write Point Metadata
Read/Create Timeseries
Improved Security - OAuth 2.0 enables token-based authentication that limits exposure and increases control
Controlled Access - Define exactly what data and features a service account can access using scopes
Scalable Integration - Assign service accounts per project or team, making it easier to manage large deployments
Visibility & Auditing - Know which account has access on what, across different buildings and services
Simplified Management - Easily create, modify, and revoke service accounts using Launchpad’s user interface
External developers building or maintaining integrations with the KODE OS Public API.
The updated API documentation, including OAuth 2.0 setup instructions, is now available here: https://documenter.getpostman.com/view/37847641/2sAYkEqfGB
Learn more about creating and managing Service Account by visiting the following article: Service Account Setup
Effective Path Structure Update – `/api/v1/` Standardization
To improve consistency, versioning, and maintainability, we’ve updated the structure of several API endpoints under the `/kodeos` path. This document outlines the changes from the previous (legacy) paths to the new versioned structure.
What is changing with the KODE OS Public API authentication?
The authentication method is being upgraded from API key-based access to OAuth 2.0 with service accounts and granular permission control.
What is OAuth 2.0?
OAuth 2.0 is a secure token-based access authentication method.
Why is this change happening?
To improve security, allow developers to manage specific permissions per integration, and provide better visibility into API usage.
What are granular permissions?
Granular permissions allow precise control over what data and actions a service account can access or perform, using scopes, like "Read Buildings," "Read Devices and Add Devices," "Write Points," and "Read Timeseries."
How do I manage service accounts?
Service accounts are managed via the Launchpad platform.
Will the Public API endpoints or data structures change?
No, only the authentication method is changing.
Can permissions be configured per building?
Yes, permissions can be scoped to access a single building or multiple buildings.
Where can I find the updated KODE OS Public API documentation?
The updated documentation is available at https://documenter.getpostman.com/view/37847641/2sAYkEqfGB
How do I create a new service account?
Log in to Launchpad, navigate to the Company section, click on Service Account, and then click Add New Service.
Can keys have expiration dates?
Yes, each key can have its own expiration date and notification settings.