All API requests must be made over HTTPS. Calls made over plain HTTP will
fail.
Overview
Nomos supports two main authentication flows for obtaining access tokens:
Client Credentials Grant
Best for server-to-server API requests. Use your client credentials to
authenticate directly with the API.
Authorization Code Grant
For third-party integrations (such as third-party HEMS providers) requiring
user consent to access the API on their behalf. We also support the PKCE
(Proof Key for Code Exchange) extension for enhanced security.
Token Lifecycle
- Access tokens are valid for 60 minutes
- Use the refresh token to get a new access token when it expires
- Include the access token in the Authorization header of your requests: