VXG Knowledge Base

REST API

VXG provides a powerful API for integration with other services and front-ends. The API functions are divided into several sections. Each section has an API reference in Swagger format. Each function can be called and tested online.

image-20230207-010603.png

Authorization

The API functions are divided into 3 categories with different levels of security.

“Acc” authorization

The least secure API uses a "camera access token" for authorization and it's designed for use with front-ends like web and mobile apps. The “camera access token” is a unique camera identifier that can be changed at any time.

All function calls require an authorization header:

'Authorization: Acc %channel_access_token%'

Example of an authorization header:

curl -X GET \
  "https://web.vxgdemo.vxgdemo.cloud-vms.com/api/v4/live/watch/" \
  -H "accept: application/json" \
  -H "Authorization: Acc eyJjYW1pZCI6IDI0ODUyNywgImNtbmdyaWQiOiAyNDg5NjQsICJhY2Nlc3MiOiAiYWxsIiwgInRva2VuIjogInNoYXJlLmV5SnphU0k2SURJek5UWXpPWDAuNjFhOTY0YzN0YmMxZmFiMDAueEJXWGRrc0FVUnY2d3M1TU9aWC1BUUloLUtNIiwgImFwaSI6ICJ3ZWIuc2t5dnIudmlkZW9leHBlcnRzZ3JvdXAuY29tIiwgImNhbSI6ICJjYW0uc2t5dnIudmlkZW9leHBlcnRzZ3JvdXAuY29tIn0="

Similar to a “camera access token”, Cloud VMS also operates with “group access tokens” that represent a group of cameras. The API for “group access tokens” uses “SI” instead of “Acc” in the authorization header.

“LKey” authorization

The next level is Admin API which uses a "license key" for authorization and it's designed to be used from a back-end. On this level, the API can add new cameras and control cloud resources. It can also retrieve “camera access tokens” and generate new ones. There is one "license key" per account/user (which can be a user, organization, or customer).

The “license key” should be injected into the Authorization header of every request:

Authorization: LKey %license_key%

For example, if the license key is "v3.X9tKpuXq0btatj":

curl -X GET \
  "https://web.vxgdemo.vxgdemo.cloud-vms.com/api/v3/channels/" \
  -H "accept: application/json" \
  -H "Authorization: LKey v3.X9tKpuXq0btatj"

Key & certificate authentication

The highest level of security is used by super admin API and it requires a key & certificate for authentication. It's designed for cloud-to-cloud communication. On this level, the API can create accounts/users, retrieve existing “license keys”, or generate new ones.

For example:

curl -X POST \
  --key ./company.key\
  --cert ./company.crt\
  -k\
  https://ip:9000/api/v2/admin/users/\
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  -d "{ \"suid\": \"user_id\", \"usrc\": \"Company_name\", \"license_key\": {\"value\": \"LICENSEKEY\"}, \" limits\": {\"hosted_cameras\": 100} }"

V2 API

Authorization - license key (LKey) or access token (Acc)

https://web.vxgdemo.vxgdemo.cloud-vms.com/docs/v2.html

V3 API

Authorization - license key (LKey)

https://web.vxgdemo.vxgdemo.cloud-vms.com/docs/v3.html

V4 API

Authorization - access token (Acc)

https://web.vxgdemo.vxgdemo.cloud-vms.com/docs/v4.html

V5 API

Authorization - group access token (SI)

https://web.vxgdemo.vxgdemo.cloud-vms.com/docs/v5.html

V2 Super-admin API

Authorization - SSL key/certificate pair

https://web.vxgdemo.vxgdemo.cloud-vms.com/docs/v2_admin.html