Recently, our devices began reporting failed authentication in response to API calls they are making to Losant. The authentication code was written specific to the Losant return token at the time. Can you tell me if there have been any recent modifications to the Losant API return tokens?
Assuming Alex used the correct naming in the linked post, I’m referring to Application authentication API tokens. Our issue appears similar to the one previously described there, despite our devices being thoroughly tested successfully this past fall.
We have done some more digging and it looks like our problem is with the authorization response as a whole. Here is an example of a recently received response:
Based on our previously working firmware, the last two key-value pairs have been recently added. As our device firmware is not expecting them, authorization fails.
Do you have any documentation on your requirements for this response? We would like to modify our firmware such that it should be able to accept any future modifications to the authorization response.
For each request, we document the schema of the response. You can find them documented for each route:
Overall, we are very, very mindful of modifying and removing existing response fields, but we do quite often add them. If possible, I’d recommend that your device firmware supports this model.
Let me know if you have any more questions. I’d be happy to help!
Thank you for linking the response structure documents and for sharing your update model!
We’ve managed to implement a fix that can handle minor future changes. For the future, it’s worth noting that our devices have limited memory and so should the response format become significantly larger we will likely run into more issues. If many more response fields end up being added, perhaps you should consider adding an alternative shorter format for cases such as ours.