INRIX documentation logo

Successful requests to INRIX APIs requires API-level authentication to insure that the caller is authorized to have access to the API and to identify the user who is making the call. Authentication works by having the caller application make a specific API request with credentials provided by your INRIX customer representative, and it receives an authorization token in return. This authorization token is then used when making any other API request by adding the token value as a parameter in the api request. The authorization token is only valid for a limited period of time, and then a new token needs to be obtained.

The APIs support two API-level authentication methods listed below:

  1. An access token-based method (appToken) in which a client will use an appId and an appKey to request a time limited access token. This method is used for the following products:
    • Tiles
    • Dangerous Slowdowns
    • Parking
    • Fuel Stations
    • XFCD
    • Trade Areas (token must be in header)
  2. A legacy getSecurityToken method in which a client uses a vendorId and consumerId to request a time limited token and the server path for calling subsequent apis. This method is used for the following products:
    • Segment Speeds
    • Incidents
    • Routing
    • Traffic Cameras
    • Drive Time Polygons

For the Parking Off Street Payments API requests to create a reservation on behalf of a user will require User-level authentication in order to create the request. The Off-Street Payments API supports two User-level authentication methods:

  1. Session/Cookie-based authentication
  2. Basic HTTP Authentication i.e. username/password

General Notes

uas-api.inrix.com/v1/AppToken

GET Get an app token from https://uas-api.inrix.com

Parameters

  = required
Name Located In Type Description
Accepts Header String 'application/json' or 'application/xml'
appId Query Guid A unique id provided by INRIX representative
hashToken Query String The hash token for your app. This is generated by the following sequence.
1. Create a string with a value of AppId|AppKey – The AppKey is a value provided by INRIX and is separate from the AppId value (also provided for each customer). The string is the AppId joined to the Appkey separated by a | symbol.
2. Lowercase the string value
3. Encode the string into a byte array using UTF-8 encoding
4. Use SHA1 to hash the bytes
5. Write the resulting bytes in hexadecimal for the hashToken value.

Requests

Example appToken request
Query
https://uas-api.inrix.com/v1/appToken?appId={appId}&hashToken={hashToken}

Responses

200 Success
{
    "copyright": "Copyright INRIX Inc. 2018",
    "versionNumber": "v1",
    "createdDate": "2015-06-04T22:58:39.039099Z",
    "responseId": "f5ba0b34-06e9-40de-af8a-8bb008fc3454",
    "result":
    {
        "token": "eyJhbGciOiJIUzIcCI6IkpXVCJ9.eyJhcHBJZCI6ImLWI3MWJhMmQ0MTAyYSIsIkV4cGlyeSI6IjIwMTUtMDYtMDVUMjI6NTg6MzkuMDcwMzQ5N1oiLCJleHAiOjE0MzM1NDUxMTksInJvbGUiOiJzZXJ2aWNlIn0.5fL8TL9z6hq2smrpbFhZE3HgzFa5TQtzE",
        "expiry": "2015-06-05T22:58:39.0703497Z"
    }
}

Response Elements

Property Type Description
token String A unique access token which can be used when calling designated INRIX apis. This UAS token can be used in the query string with the key accessToken or can be added to the header like so: Authorization: Bearer {UAS-TOKEN}.
expiry String The time that the token will expire and no longer be accepted by INRIX apis. A new token should be requested before this time to avoid getting a Token Expired message in the data api call.

/?action=GetSecurityToken

GET Get a security token

Parameters

  = required
Name Located In Type Description
severPath Query String The designated URL for the GetSecurityToken request. This URL should be http://{serverPath}/Traffic/Inrix.ashx?…
vendorId Query String A unique ID assigned by INRIX to each vendor.
consumerId Query String The user’s consumer ID. Each vendor will be provided by INRIX with a set of unique consumer identifiers.
format Query String The format of the response in either XML or JSON. Default is XML.

Requests

Example getSecurityToken request
Query
http://{serverPath}.INRIX.com/traffic/Inrix.ashx?Action=GetSecurityToken&vendorId={vendorId}&consumerId={consumerId}

Responses

200 Success
{
    "docType": "GetSecurityToken",
    "copyright": "Copyright INRIX Inc.",
    "versionNumber": "11.2",
    "createdDate": "2018-01-30T01:20:45Z",
    "statusId": 0,
    "statusText": "OK",
    "responseId": "a03daf41-0ea7-46e5-b887-2dfad43157a0",
    "result": {
        "token": "0CUDqqV4hHY60r-g3Sffi*yXtP8T4LWWWNRilg5S*HI|",
        "tokenExpireDtUtc": "2018-01-30T02:19:00Z",
        "key": null,
        "serverPaths": [
            {
                "region": "NA",
                "serverPath": [
                    {
                    "href": "http://na-rseg-tts.inrix.com/RsegTiles/tile.ashx",
                    "type": "TTS"
                    },
                    {
                    "href": "http://na-api2.inrix.com/Traffic/Inrix.ashx",
                    "type": "API"
                    }
                ]
            },
            {
                "region": "EU",
                "serverPath": [
                    {
                    "href": "http://eu.api.inrix.com/Traffic/Inrix.ashx",
                    "type": "API"
                    },
                    {
                    "href": "http://eu-rseg-tts.inrix.com/RsegTiles/tile.ashx",
                    "type": "TTS"
                    }
                ]
            }
        ]
    }
}

Response Elements

Property Type Description
token String A unique security token which can be used when calling designated INRIX apis. This token must be used in the query string with the key 'token'.
tokenExpireDtUtc String The time that the token will expire and no longer be accepted by INRIX apis. A new token should be requested before this time to avoid getting a Token Expired message in the data api call.
serverPaths Array A list of serverPaths. Each serverPath directs integrators to the proper Connected Services gateway to use for that region.
Property Type Description
region String Lists the region for each serverPath. The only values are NA or EU.
NA serverPath should be used for all API calls for data within North and South America (Points West of -30° and east of 180°).
EU serverPath should be used for all API calls for data within Europe and Africa (Points East of -30° and west of 180°).
serverPath Array A list of serverPaths for the region specified.
Property Type Description
href String The specific server path to use for the given region and type.
type String Used to distinguish between traditional INRIX Connected Services APIs, Mobile Gateway APIs, and the Traffic Tile Overlay Service. The following types are possible
API - Use for interfacing with hosted traffic and LBS services.
TTS - Use for the express purpose of using traffic tile overlays.