Authentication

The Telisky MDM API supports two authentication methods: browser-based cookie authentication and API token authentication for programmatic access.

Cookie authentication is used by the web portal. After login, a JWT is stored in an HttpOnly cookie.

# Login
POST /api/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your-password"
}

# Response sets HttpOnly cookie: ts_auth=<jwt>

For scripts and integrations using API tokens:

curl -H "Authorization: Bearer YOUR_API_TOKEN" \
  https://mdm-api.telisky.com/api/devices

| Method | Endpoint | Description |
| --- | --- | --- |
| POST | /api/auth/register | Create a new account |
| POST | /api/auth/login | Authenticate and get session |
| POST | /api/auth/logout | End session |
| GET | /api/auth/me | Get current user profile |
| POST | /api/auth/refresh-token | Refresh JWT token |

POST /api/auth/login
Content-Type: application/json

{
  "email": "admin@example.com",
  "password": "SecurePass123"
}

Success Response (200):

{
  "user": {
    "id": "uuid",
    "email": "admin@example.com",
    "role": "admin",
    "tenantId": "uuid"
  },
  "token": "eyJhbG..."
}

Error Response (401):

{
  "error": "Invalid credentials"
}

Generate long-lived tokens for programmatic access:

POST /api/auth/tokens
Authorization: Bearer YOUR_SESSION_TOKEN
Content-Type: application/json

{
  "name": "CI/CD Pipeline",
  "scopes": ["devices:read", "telemetry:read"],
  "expiresAt": "2027-01-01T00:00:00Z"
}

Response (201):

{
  "id": "uuid",
  "name": "CI/CD Pipeline",
  "token": "tsk_abc123...",
  "scopes": ["devices:read", "telemetry:read"],
  "expiresAt": "2027-01-01T00:00:00Z"
}

| Scope | Permission |
| --- | --- |
| devices:read | List and view devices |
| devices:write | Create, update, delete devices |
| telemetry:read | Query telemetry data |
| config:read | View configuration profiles |
| config:write | Create and deploy configurations |
| firmware:read | List firmware versions |
| firmware:deploy | Deploy firmware updates |
| users:read | List users |
| users:write | Manage users |
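
A pre-flight check for token requests like the one above, written as an added example (not Telisky's code): it flags scopes outside the scope table, scopes the job does not need, mutating scopes, and long lifetimes. The `audit_token_request` name, the 90-day cap and the sample clock are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Scope names copied from the scope table on this page.
KNOWN_SCOPES = {
    "devices:read", "devices:write", "telemetry:read", "config:read",
    "config:write", "firmware:read", "firmware:deploy", "users:read",
    "users:write",
}
# Assumption: local policy caps token lifetime at 90 days; not an API rule.
MAX_LIFETIME = timedelta(days=90)


def audit_token_request(body, needed_scopes, now):
    """Return a list of findings for a POST /api/auth/tokens body."""
    findings = []
    requested = set(body.get("scopes", []))
    for scope in sorted(requested - KNOWN_SCOPES):
        findings.append(f"unknown scope: {scope}")
    for scope in sorted((requested & KNOWN_SCOPES) - set(needed_scopes)):
        findings.append(f"scope not needed by this job: {scope}")
    for scope in sorted(requested & KNOWN_SCOPES):
        if not scope.endswith(":read"):
            findings.append(f"mutating scope requested: {scope}")
    expires = body.get("expiresAt")
    if not expires:
        findings.append("no expiresAt set")
    else:
        # fromisoformat() before Python 3.11 rejects a trailing "Z".
        expiry = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if expiry <= now:
            findings.append("expiresAt is in the past")
        elif expiry - now > MAX_LIFETIME:
            findings.append(f"lifetime exceeds {MAX_LIFETIME.days} days")
    return findings


# Constructed sample: the request body shown above, audited for a job that
# only lists devices, at a constructed "current" time.
NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)
PAGE_EXAMPLE = {
    "name": "CI/CD Pipeline",
    "scopes": ["devices:read", "telemetry:read"],
    "expiresAt": "2027-01-01T00:00:00Z",
}

if __name__ == "__main__":
    for finding in audit_token_request(PAGE_EXAMPLE, ["devices:read"], NOW):
        print(finding)
```
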

| Tier | Limit |
| --- | --- |
| Unauthenticated | 10 requests/minute |
| Authenticated (Starter) | 100 requests/minute |
| Authenticated (Pro) | 1,000 requests/minute |
| Authenticated (Enterprise) | Custom |

Rate limit headers are included in every response:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 995
X-RateLimit-Reset: 1716825660

| Status | Meaning |
| --- | --- |
| 401 | Missing or invalid authentication |
| 403 | Authenticated but insufficient permissions |
| 429 | Rate limit exceeded |

All error responses follow this format:

{
  "error": "Human-readable error message",
  "code": "MACHINE_READABLE_CODE"
}