Have more questions? Submit a request

REST API Authentication

To use REST API, you need Device Plan Pro or Ultra. REST API does not work on the free Open Device Plan or Basic Plan without the Add-on.


For REST API your application needs to be authenticated using request Header: X-Auth. In signageOS are 2 types of tokens:

  • (User) Account token
  • Organization token

Account token

The Account token is used for:

  • manipulation with Company
  • creating new Organizations
  • moving devices between Organizations.

How to get an Account token

User tokens can be generated on the User Account page in Box for users with a Manager or Owner role in the Company.

  1. Log in to Box
  2. Go to your User profile
  3. Generate a new token

Tokens are invalidated if the user is archived.

Organization token

The Organization token is used for manipulation with devices, tags, policies, and other features in signageOS.

How to generate an Organization token in Box

  1. Go to Organizations section in signageOS Box
  2. Select Organization you need the token for
  3. Select the API Token tab
  4. Fill in a name for your Token and press Add new token
  5. Once generated, save the Token ID and Token Secret.

Token Secret is only available at a time of creating a token. It's not visible once you close the modal window.


How to generate an Organization token using REST API

Generating Token for an Organization, use the following REST API:

POST /organization/:organizationUID:/security-token

For the REST API, you have to use the Account token in the x-auth header.

Use X-Auth token

Use the generated token as X-Auth header separated by a colon. E.g __TOKEN_ID__:__TOKEN_SECRET__

# X-Auth = token_id:token_secret
curl -XGET --header 'x-auth: c19aexxx5295:46595b1121xxxxffa73015f3d0e43f1d9'

Keep in mind that after you reload the page the token will disappear.

Was this article helpful?
0 out of 0 found this helpful