Overview
The Centinela API uses Bearer token authentication for all protected endpoints. Authentication is handled through the Cooptech authentication system, which provides cross-product single sign-on.
Authentication Flow
The authentication process involves two steps:
1. Authenticate with Cooptech to get user information
2. Exchange Cooptech credentials for a Centinela-specific token
First, retrieve user information from the Cooptech API:
curl -X GET "https://cooptech.com.ar/api/getUser?id={userId}" \
  -H "Authorization: Bearer {cooptechToken}"
Token for cross-application authentication
Step 2: Login to Centinela
Exchange Cooptech credentials for a Centinela token:
curl -X POST "https://masagua.cooptech.com.ar/api/loginCooptech" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "tokenApp": "cooptech_token_apps_value",
    "schemaName": "client_schema_name",
    "influx_name": "influx_database_name"
  }'
email: User email from Cooptech authentication
tokenApp: Token apps value from Cooptech user object
schemaName: Database schema name for the client
influx_name: InfluxDB database name for time-series data
Response:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 123,
    "email": "user@example.com",
    "first_name": "John",
    "last_name": "Doe"
  }
}
Using Authentication Tokens
Include the authentication token in the Authorization header for all API requests:
curl -X GET "https://masagua.cooptech.com.ar/api/getVarsInflux" \
  -H "Authorization: Bearer {your_token_here}" \
  -H "Content-Type: application/json"
JavaScript Example
// Base URL of the Centinela API, as used in the curl examples above
const baseUrl = 'https://masagua.cooptech.com.ar/api';
const token = localStorage.getItem('token');
const response = await fetch(`${baseUrl}/getVarsInflux`, {
  method: 'GET',
  headers: {
    'Content-Type': 'application/json',
    'Accept': 'application/json',
    'Authorization': `Bearer ${token}`
  },
  credentials: 'include'
});
const data = await response.json();
Axios Example (Used in Centinela)
import axios from 'axios';

const request = async (url, method, data = false) => {
  const token = localStorage.getItem('token');
  const response = await axios({
    method,
    url,
    data: data || {},
    withCredentials: true,
    headers: {
      'Content-Type': 'application/json',
      'Accept': 'application/json',
      'Authorization': `Bearer ${token}`
    }
  });
  return response;
};
Retrieve database schema information for a client and product:
curl -X GET "https://cooptech.com.ar/api/getSchemaProduct?clientId={clientId}&productId={productId}" \
  -H "Authorization: Bearer {cooptechToken}"
Response:
[
  {
    "schema_name": "client_db_schema",
    "influx_name": "client_influxdb",
    "product_id": 5,
    "client_id": 12
  }
]
List User Products
Get products available to a user for a specific client:
curl -X GET "https://cooptech.com.ar/api/listProductxUserxClient?id_user={userId}&id_client={clientId}" \
  -H "Authorization: Bearer {cooptechToken}"
Response:
[
  {
    "id_product": 5,
    "name": "Centinela",
    "description": "Water Treatment Monitoring"
  },
  {
    "id_product": 3,
    "name": "Mas Agua",
    "description": "Water Distribution"
  }
]
Public Endpoints
Some endpoints are publicly accessible without authentication. Use the requestPublic function for these:
const requestPublic = async (url, method, data = false) => {
  const response = await axios({
    method,
    url,
    data: data || {},
    withCredentials: true,
    headers: {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    }
  });
  return response;
};
Public endpoints should be used sparingly and only for non-sensitive operations like health checks or public dashboards.
Token Storage
Tokens are stored in local storage:
// Store token
localStorage.setItem('token', tokenValue);
// Retrieve token
const token = localStorage.getItem('token');
// Store user info
localStorage.setItem('usuario', JSON.stringify(userObject));
Error Handling
401 Unauthorized
If you receive a 401 error, your token is invalid or expired. Re-authenticate to get a new token.
500 Internal Server Error
The API returns detailed error messages in the response body:
{
  "field_name": {
    "message": "Validation error description"
  }
}
Security Best Practices
Never expose authentication tokens in client-side code, logs, or version control.
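Store tokens securely (localStorage or httpOnly cookies). A token in localStorage can be read by any script running in the page, so a cross-site scripting flaw exposes it; an httpOnly cookie cannot be read from JavaScript.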
Always use HTTPS in production
Implement token refresh logic for long-lived sessions
Clear tokens on logout
Use environment variables for API endpoints
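One way to combine the 401 guidance with the "Implement token refresh logic" and "Clear tokens on logout" items, as an added example that is not Centinela's own code. It assumes re-authentication means repeating the loginCooptech exchange; createClient, memoryStorage, stubFetch and the injected storage, fetchImpl and credentials parameters are hypothetical names.

```javascript
// Added example, not Centinela's code; storage, fetchImpl, credentials are hypothetical injected parameters.
function createClient({ baseUrl, storage, fetchImpl, credentials }) {
  // Step 2 of the flow: exchange Cooptech credentials for a Centinela token.
  async function login() {
    const res = await fetchImpl(`${baseUrl}/loginCooptech`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(credentials),
    });
    if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
    const { token, user } = await res.json();
    storage.setItem('token', token);
    storage.setItem('usuario', JSON.stringify(user));
    return token;
  }
  // Drop both keys the session wrote, on logout or when the token is rejected.
  const logout = () => ['token', 'usuario'].forEach((k) => storage.removeItem(k));
  async function request(path, method = 'GET', data) {
    let token = storage.getItem('token') || (await login());
    for (let attempt = 0; attempt < 2; attempt++) {
      const res = await fetchImpl(`${baseUrl}${path}`, {
        method,
        headers: {
          'Content-Type': 'application/json',
          Accept: 'application/json',
          Authorization: `Bearer ${token}`,
        },
        body: data ? JSON.stringify(data) : undefined,
      });
      if (res.status !== 401) return res;
      logout(); // a rejected token must not stay in storage
      if (attempt === 0) token = await login(); // re-authenticate once, then retry
    }
    throw new Error('still 401 after re-authentication; session cleared');
  }
  return { login, logout, request };
}

// Constructed stand-ins for an offline run: Map-backed storage and an API stub that
// issues the token 'fresh' and answers 401 to any other bearer token.
const memoryStorage = (init = {}) => {
  const m = new Map(Object.entries(init));
  return { getItem: (k) => m.get(k) ?? null, setItem: (k, v) => m.set(k, v), removeItem: (k) => m.delete(k) };
};
const stubFetch = async (url, { headers }) => {
  if (url.endsWith('/loginCooptech')) return { ok: true, status: 200, json: async () => ({ token: 'fresh', user: { id: 123 } }) };
  const ok = headers.Authorization === 'Bearer fresh';
  return { ok, status: ok ? 200 : 401, json: async () => [] };
};
```

In the browser, pass localStorage as storage and fetch as fetchImpl. The retry is capped at one re-authentication so a persistently rejected session ends with storage cleared instead of looping.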