REST Auth API: HTTP Requests

The REST API supports two mechanisms for authenticating access; basic authentication and OAuth 2.

If you are integrating to a single Arlo Platform with a single client, we recommend using Basic authentication with a service account.

Basic authentication - credentials

You can authenticate to the REST API to make requests by using HTTP basic authentication to convey your identity.

For example, if you want to explore the API using your web browser, you can navigate to https://{platform_name} , and your browser should prompt for your credentials to authorize access.

The username and password you should use are the same as those you activated your account with and use to log into the Management Platform. For production scenarios involving systems integration, we recommend a separate service user account is created for API operations that isn't shared with anyone else.

OAuth 2

Arlo supports the widely used OAuth 2.0 protocol to enable secure access to our API.

In order to use OAuth 2.0 with the REST API, you must first be registered and approved as an Arlo OAuth 2.0 client by registering via our developer portal. Once you have successfully registered and been approved, read this page for detail on employing oauth to access the rest api.

To request OAuth approval, please contact after registering an OAuth client. Please note that no authentication requests will work until this has been completed.


Before trying to authenticate, you must first ensure your account has been added to the API User and Administrator roles. Only users in both of these roles have unencumbered access to use the REST API.

If your identity is associated with only the Presenter and API User roles, certain limited access is allowed to the REST API.

Please consult the RBAC documentation for further details.

Please Note:

Users with MFA enabled will not able to authenticate access to the API. If you're trying to access the API and you have MFA enabled;

  • If your platform MFA setting is Optional, you can disable MFA by editing your own Contact record under the Security tab. Your username and password will then grant you access to the API.
  • If your platform MFA setting is Required, you won't be able to disable MFA on your own account, so you'll need to create a new "Integration Account". Follow these steps to do this.