
How to access SUM-IT API

Permissions required

Only users with the permission to edit API settings can access the API screen and manage all API-related data. Of the predefined roles, only the System Administrator has permission to edit API settings.

Obtaining access token

To use the API, you must first obtain an access token. This process involves the following steps:

Step 1: Obtain Client ID and Secret Access Key

  1. Log in to the application with an account that has the necessary permission.
  2. Navigate to the API screen from the sidebar menu.
  3. On the API screen, click the Create access key button.
  4. A dialog will appear displaying the Client ID. The Secret Access Key will not be shown initially; it is hidden by default.
    • To view the Secret Access Key, click the Show secret access key button.

Step 2: Request Access Token

Once you have the Client ID and Secret Access Key, you can request an access token from the authorization server using the client credentials flow.

Example Request

POST /oauth2/token HTTP/1.1
Host: sumit.auth.eu-central-1.amazoncognito.com
Content-Type: application/x-www-form-urlencoded
Authorization: Basic BASE64_ENCODED(CLIENT_ID:SECRET_ACCESS_KEY)

grant_type=client_credentials

  • Authorization Header: Use basic authentication where the username is the Client ID and the password is the Secret Access Key. The string CLIENT_ID:SECRET_ACCESS_KEY is base64 encoded and sent after the word Basic.

Response

If the request is successful, you will receive a response containing the access token:

{
"access_token": "YOUR_ACCESS_TOKEN",
"expires_in": 3600,
"token_type": "Bearer"
}

You can now use this access token to authenticate your API requests.

Making API Calls

To make API calls using the access token, include it in the Authorization header of your request. Here's an example of how to use the access token to retrieve projects:

GET /api/v1/projects HTTP/1.1
Host: sumit.zyko.eu
Authorization: Bearer YOUR_ACCESS_TOKEN

Replace YOUR_ACCESS_TOKEN with the actual access token you received in the response from the Request Access Token step.
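
The two requests above can be combined into a small client. The following is an added example, not code from SUM-IT: it builds the token request, keeps the access token in memory, and renews it shortly before expires_in elapses. The environment variable names SUMIT_CLIENT_ID and SUMIT_SECRET_ACCESS_KEY and the 60-second renewal margin are assumptions.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://sumit.auth.eu-central-1.amazoncognito.com/oauth2/token"
PROJECTS_URL = "https://sumit.zyko.eu/api/v1/projects"

def build_token_request(client_id, secret):
    """Build the client-credentials POST; the secret only appears in the header."""
    basic = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })

def fetch_token(client_id, secret):
    """Send the token request over HTTPS and return the parsed JSON response."""
    with urllib.request.urlopen(build_token_request(client_id, secret), timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Keeps the token in memory and renews it shortly before expires_in elapses."""

    def __init__(self, fetch, clock=time.monotonic, skew=60):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at:
            data = self._fetch()
            if data.get("token_type") != "Bearer" or not data.get("access_token"):
                raise ValueError("unexpected token response")
            self._token = data["access_token"]
            self._expires_at = self._clock() + int(data["expires_in"]) - self._skew
        return self._token

def build_projects_request(token):
    return urllib.request.Request(PROJECTS_URL, headers={"Authorization": f"Bearer {token}"})

if __name__ == "__main__":
    # Credentials come from the environment (assumed variable names), never from source code.
    cid, secret = os.environ["SUMIT_CLIENT_ID"], os.environ["SUMIT_SECRET_ACCESS_KEY"]
    cache = TokenCache(lambda: fetch_token(cid, secret))
    with urllib.request.urlopen(build_projects_request(cache.get()), timeout=10) as resp:
        print(json.load(resp))
```

Reusing the cached token avoids sending the Secret Access Key on every call; it is only transmitted when a new token is requested.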