Auhtorization Code Flow problem

I attempted to create a client for AirVantage.

I’m using the Authorization Code Flow. My first request to Airvantage works, then it redirects me to my own webpage with a code as GET parameter. So far so good.
When I attempt to use that code to get an Access token Airvantage tells me:

I do have this Redirect URI correctly registered on Airvantage for my client. When I remove this Redirect URI from my client I get a different error that has the same message.

First request:

https://eu.airvantage.net/api/oauth/authorize?client_id=topsecret&response_type=code&redirect_uri=http://trackerwebtest.traxgo.be/administration/airvantage/

Redirects me to:

http://trackerwebtest.traxgo.be/administration/airvantage/?code=uvJLvh

Second request:

https://eu.airvantage.net/api/oauth/token?grant_type=authorization_code&code=uvJLvh&client_id=topsecret&client_secret=topsecret

Response second request:

{"error":"redirect_uri_mismatch","error_description":"Redirect URI mismatch."}

It seems there’s an error in the documentation. The redirect uri should be passed also in the second call to get the token:

https://eu.airvantage.net/api/oauth/token?grant_type=authorization_code&code=uvJLvh&client_id=topsecret&client_secret=topsecret&redirect_uri=http://trackerwebtest.traxgo.be/administration/airvantage/

Thank you very much for the fast response.
What do I do with the access token though? Do I put it in the body of my POST requests, do I put it in the GET params?

You’re welcome, I’m here to help :slight_smile:

Regarding access_token usage, this part is documented. It should be used in all your requests to the AirVantage API in a query parameter.
For instance, if you want to get the details of a system, you should send the following request:

GET https://na.airvantage.net/api/v1/systems/9b629cbdc71a4276bacec471e35b7bca?access_token=9bb39c86-aafe-4bdb-81a4-b08a01dc5a63

Thank you!

One more step, that is registering a System.

I usually only fill in Type, Serial number IMEI and Name (on the webplatform) but the documentation on endpoint ‘/v1/systems’ shows a lot more options to fill in in the JSON structure. I am how to proceed. I’ll expirement while I wait for your answer.

At the top of the documentation page for the System API, there’s a tab called “fields” explaining the meaning of each ones (more or less detailed).
But almost all the fields are optional, depending which fields you will set, some features will be possible, some will be deactivated.
If your objective is to do approximately what is done in the register activity, here is the content of the post you should do:

{
    "state": "READY", //This sets the State to READY, it means it will be available in the Monitor activity and communciations will be accepted by the server
    "type": "SL8082T", // This sets the system type
    "gateway": { // Here it creates a gateway with the correct identifiers
        "imei": "6644332211", 
        "serialNumber": "1122334466"
    },
    "name": "My system", // Set the name
    "applications": [ // It associates 1 application with the system (here only the firmware version, but you can specify several), it's mandatory as the application define the communication scheme
        {
            "uid": "fa6b9cbe1cb540d49a79ca40a629323b", // The uid of the application to associate
        }
    ]
}

But how do I know what uid I should fill in for the application?

Either you call the Application API to find the application using some criteria (name - version for instance), either you hard-code the application uid (if it’s not supposed to change).
You can see the application uid manually when you go on the application details page: Develop > Application > Click on your application.
The application uid is displayed on the top of the page.

I thought so, but thank you for asserting that.

When I redirect the user to the authorization URL, the user is able to log in on AirVantage to grant my website permission.
My website then adds some Systems to his account, but when the user wants to view the new systems on AirVantage, he has to log in again.

The double login is a bit silly, how come this is happening?

This is the expected behavior defined in the OAuth spec.
The AirVantage user interface and your application are not sharing the same token because we need to track each API client independently.

Thank you!