App Access Control

This section describes how you authenticate and register your apps with the ARRIVE server.

The ARRIVE server requires that your mobile and monitor apps use credentials such as usage tokens or API keys to authenticate with it. These credentials must be registered with the ARRIVE server before the apps can send data to or request data from the server.

Apps, Usage Tokens, and API Keys

The mobile and monitor apps use different authentication credentials:

Mobile app – Uses usage tokens, which are public, non-secret credentials
Monitor app – Uses API keys, which are secret credentials. Apps that include an API key must not be released to the broader public such as releasing them to the (Apple) App Store.

Both the usage token and the API key are associated with a specific environment, production or sandbox.

The ARRIVE server obtains the environment type from the credential and segregates the data in the production and sandbox environments depending on the credential. This action enables you to test your apps without affecting your production data and statistics.

How to Create and Revoke the App Credentials

You can add and revoke usage tokens and API keys for the two types of credentials by going to these locations:

Account >Access >Usage Tokens
Account >Access >API Keys

When you create a credential, you must specify: Credential name – The name that you assign is to help you identify the different tokens and keys that you create. It is the only attribute that you can edit after creation. Production or sandbox environment – Check the production checkbox if you want to create a production credential or leave the production checkbox unchecked if you want to create a sandbox credential.

IMPORTANT: The mobile app and the monitor app must use the same type of environments–production or sandbox–in their credentials to work together.