Authentication

Domains

The MOST API services must be consumed by the client's backend and their servers must be registered on an IP whitelist. Thus, any communications with embedded devices must pass through the client's backend before being directed to mostQI.

INFO

Production domain: production-mostqiapi.com (with whitelist)

Domain for production, validation, and POC: mostqiapi.com (without whitelist)

The domain for validation and POC can be accessed from any IP. These two domains point to the same production environment.

It is not recommended to use the mostqiapi.com domain for production, as it is subject to interruptions associated with security triggers.

CAUTION

The exclusive production domain can only be accessed by backends whose IPs have been registered on a whitelist by mostQI.

All requests must be made using the HTTPS protocol.

JWT Token

For increased security, we have adopted the JWT standard with the implementation of unique and temporary tokens. This means that a new authentication token will be required for each request.

The authentication token obtained through this route will be used to authenticate the other services of mostQI. Each token has a validity of 10 minutes and can only be used once.

JWT tokens are obtained by sending a request to the Authenticate (Get JWT) endpoint, passing the client key in the body of the request.

Security

Requests will pass through a WAF (Web Application Firewall) that will assess the behavior of applications consuming the services.

Visit our Information Security Policy.

Domains#

JWT Token#

Security#

Domains

JWT Token

Security