Arlo

REST Auth API: HTTP Requests

The REST API supports two mechanisms for authenticating access; basic authentication and OAuth 2.

For production integrations, we recommend OAuth 2. Basic authentication is useful for initial exploration and setup, but should not be relied upon for ongoing production use.

Basic authentication - credentials

You can authenticate to the REST API to make requests by using HTTP basic authentication to convey your identity. This method is convenient for exploring the API and verifying your setup before moving to OAuth 2.

For example, if you want to explore the API using your web browser, you can navigate to https://{platform_name}.arlo.co/api/2012-02-01/auth/resources/events , and your browser should prompt for your credentials to authorize access.

The username and password you should use are the same as those you activated your account with and use to log into the Management Platform.

Basic authentication is intended for initial exploration and testing only. We will be introducing measures to restrict long-running integrations that rely on basic authentication. All production integrations should use OAuth 2.

OAuth 2

Arlo supports the widely used OAuth 2.0 protocol to enable secure access to our API.

In order to use OAuth 2.0 with the REST API, you must first be registered and approved as an Arlo OAuth 2.0 client by registering via our developer portal. Once you have successfully registered and been approved, read this page for detail on employing oauth to access the rest api.

To request OAuth approval, please contact apisupport@arlo.co after registering an OAuth client. Please note that no authentication requests will work until this has been completed.

Pre-conditions

Before trying to authenticate, you must first ensure your account has been added to the API User and Administrator roles. Only users in both of these roles have unencumbered access to use the REST API.

If your identity is associated with only the Presenter and API User roles, certain limited access is allowed to the REST API.

Please consult the RBAC documentation for further details.


Please Note:

Users with MFA enabled will not able to authenticate access to the API. If you're trying to access the API and you have MFA enabled;

  • If your platform MFA setting is Optional, you can disable MFA by editing your own Contact record under the Security tab. Your username and password will then grant you access to the API.
  • If your platform MFA setting is Required, you won't be able to disable MFA on your own account, so you'll need to create a new "Integration Account". Follow these steps to do this.