Authenticate with API Key
Authentication
API key token
Authenticate with an API key (GUID or legacy); receive a JWT.
POST
Authenticate with API Key
Overview
Authenticates using a GUID API key stored in Telemax, or a legacy non-GUID key resolved via the configured legacy API service. Returns a JWT including API key claims (Actions, Vehicles, DateFormat, etc.) when applicable.
A V2 version of this endpoint is available: API key token. New integrations should prefer V2.
Endpoint
POST /api/Authentication/token/api-key
Authentication
Not required.Request headers
| Header | Required | Description |
|---|---|---|
| Content-Type | Yes | application/x-www-form-urlencoded |
Request body (form)
API key string (GUID format or legacy format).
Example request body
Response
200 OK — sameJwtTokenResponse shape as user login.
| Field | Type | Description |
|---|---|---|
| access_token | string | JWT |
| token_type | string | bearer |
| expires_in | number | Seconds |
Error responses
| Status | Meaning |
|---|---|
| 401 | GUID key not found or deleted |
| 400 | Legacy key could not be resolved, or no active API key row for resolved company |
Authorizations
JWT Bearer token obtained from POST /api/authentication/token/user or POST /api/authentication/token/api-key.
Lifetime: ~24 hours (86,399 seconds). Cache the token and reuse it. Re-authenticate 5 minutes before expiry.
Scoping:
- User tokens are scoped to a single company.
- API key tokens may restrict access to a vehicle allowlist and/or action set (see token claims).
No refresh endpoint — re-authenticate with your credentials when the token expires.
Headers
Standard and must keep it as it is.
Body
application/x-www-form-urlencoded
API key
Example:
"your_api_key_here"
Response
Successful response
JWT access token
Example:
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Example:
"Bearer"
Token lifetime in seconds. Default is 86399.0 (≈24 hours). Cache and reuse this token until near expiry — do not request a new token per API call.
Example:
86399