An authentication token is necessary to use the emnify REST API. Historically, you could retrieve this token in two ways: with your user credentials (username and password) or an application token.

In an effort to improve security across our services, authentication with user credentials has now been deprecated and will be removed on March 28, 2024.

What is changing?

If you currently use user credentials to authenticate the emnify REST API, you should update your workflow to authenticate with application tokens instead.

Why is emnify making this change?

Using account credentials like passwords outside emnify’s secure login screens creates security risks. Application tokens allow you to generate unique tokens for each application that can be revoked if needed. That way, if your information is compromised, you only need to update the affected token for that application rather than changing your username or password.

Furthermore, as multi-factor authentication (MFA) becomes mandatory for all emnify accounts, you must enter the MFA code each time your application tries to authenticate. This will break any automation and likely requires additional development to have your application support entering the MFA code.

Which methods will be restricted?

All requests using authentication with user credentials will return an error after the deprecation period.