Successful requests to INRIX APIs requires API-level authentication to insure that the caller is authorized to have access to the API and to identify the user who is making the call. Authentication works by having the caller application make a specific API request with credentials provided by your INRIX customer representative, and it receives an authorization token in return. This authorization token is then used when making any other API request by adding the token value as a parameter in the api request. The authorization token is only valid for a limited period of time, and then a new token needs to be obtained.

The APIs support two API-level authentication methods listed below:

1. An access token-based method (appToken) in which a client will use an appId and an appKey to request a time limited access token. This method is used for the following products:
   • Segment Speeds
   • Incidents
   • Tiles
   • Dangerous Slowdowns
   • Parking
   • Fuel Stations
   • XFCD
   • Trade Areas (token must be in header)
   • Analytics Visits (token must be in header)
2. A legacy getSecurityToken method in which a client uses a vendorId and consumerId to request a time limited token and the server path for calling subsequent apis. This method is used for the following products:
   • Routing
   • Traffic Cameras
   • Drive Time Polygons

For the Parking Off Street Payments API requests to create a reservation on behalf of a user will require User-level authentication in order to create the request. The Off-Street Payments API supports two User-level authentication methods:

1. Session/Cookie-based authentication
2. Basic HTTP Authentication i.e. username/password

General Notes

• The tokens for each of these methods are not interchangeable. The documentation for the specific API you wish to call will also list the correct api to get a token.
• The token will expire after a pre-set date/time. This date/time is returned in the “expiry” attribute. When this occurs, the calling code should call the appropriate API to obtain a new token, and then re-issue the request or request a new token prior to the current token’s expiration. Please cache the token and use for subsequent requests until the token is close to expiring. Do not call to get a new prior to every api call.
• This UAS token can be used in the query string with the key accessToken or can be added to the header like so: Authorization: Bearer {UAS-TOKEN}.

uas-api.inrix.com/v1/AppToken

GET Get an app token from https://uas-api.inrix.com

Parameters

  = required

Name	Located In	Type	Description
Accept	Header	String	'application/json' or 'application/xml'
appId	Query	Guid	A unique id provided by INRIX representative
hashToken	Query	String	The hash token for your app. This is generated by the following sequence. 1. Create a string with a value of AppId|AppKey – The AppKey is a value provided by INRIX and is separate from the AppId value (also provided for each customer). The string is the AppId joined to the Appkey separated by a | symbol. 2. Lowercase the string value 3. Encode the string into a byte array using UTF-8 encoding 4. Use SHA1 to hash the bytes 5. Write the resulting bytes in hexadecimal for the hashToken value.

Requests

Example appToken request

Query

https://uas-api.inrix.com/v1/appToken?appId={appId}&hashToken={hashToken}

Responses

200 Success

{
    "copyright": "Copyright INRIX Inc. 2018",
    "versionNumber": "v1",
    "createdDate": "2015-06-04T22:58:39.039099Z",
    "responseId": "f5ba0b34-06e9-40de-af8a-8bb008fc3454",
    "result":
    {
        "token": "eyJhbGciOiJIUzIcCI6IkpXVCJ9.eyJhcHBJZCI6ImLWI3MWJhMmQ0MTAyYSIsIkV4cGlyeSI6IjIwMTUtMDYtMDVUMjI6NTg6MzkuMDcwMzQ5N1oiLCJleHAiOjE0MzM1NDUxMTksInJvbGUiOiJzZXJ2aWNlIn0.5fL8TL9z6hq2smrpbFhZE3HgzFa5TQtzE",
        "expiry": "2015-06-05T22:58:39.0703497Z"
    }
}

Response Elements

Property	Type	Description
token	String	A unique access token which can be used when calling designated INRIX apis. This UAS token can be used in the query string with the key accessToken or can be added to the header like so: Authorization: Bearer {UAS-TOKEN}.
expiry	String	The time that the token will expire and no longer be accepted by INRIX apis. A new token should be requested before this time to avoid getting a Token Expired message in the data api call.

/?action=GetSecurityToken

GET Get a security token

Parameters

  = required

Name	Located In	Type	Description
severPath	Query	String	The designated URL for the GetSecurityToken request. This URL should be http://{serverPath}/Traffic/Inrix.ashx?…
vendorId	Query	String	A unique ID assigned by INRIX to each vendor.
consumerId	Query	String	The user’s consumer ID. Each vendor will be provided by INRIX with a set of unique consumer identifiers.
format	Query	String	The format of the response in either XML or JSON. Default is XML.

Requests

Example getSecurityToken request

Query

http://{serverPath}.INRIX.com/traffic/Inrix.ashx?Action=GetSecurityToken&vendorId={vendorId}&consumerId={consumerId}

Responses

200 Success

{
    "docType": "GetSecurityToken",
    "copyright": "Copyright INRIX Inc.",
    "versionNumber": "11.2",
    "createdDate": "2018-01-30T01:20:45Z",
    "statusId": 0,
    "statusText": "OK",
    "responseId": "a03daf41-0ea7-46e5-b887-2dfad43157a0",
    "result": {
        "token": "0CUDqqV4hHY60r-g3Sffi*yXtP8T4LWWWNRilg5S*HI|",
        "tokenExpireDtUtc": "2018-01-30T02:19:00Z",
        "key": null,
        "serverPaths": [
            {
                "region": "NA",
                "serverPath": [
                    {
                    "href": "http://na-rseg-tts.inrix.com/RsegTiles/tile.ashx",
                    "type": "TTS"
                    },
                    {
                    "href": "http://na-api2.inrix.com/Traffic/Inrix.ashx",
                    "type": "API"
                    }
                ]
            },
            {
                "region": "EU",
                "serverPath": [
                    {
                    "href": "http://eu.api.inrix.com/Traffic/Inrix.ashx",
                    "type": "API"
                    },
                    {
                    "href": "http://eu-rseg-tts.inrix.com/RsegTiles/tile.ashx",
                    "type": "TTS"
                    }
                ]
            }
        ]
    }
}

Response Elements

Property	Type	Description
token	String	A unique security token which can be used when calling designated INRIX apis. This token must be used in the query string with the key 'token'.
tokenExpireDtUtc	String	The time that the token will expire and no longer be accepted by INRIX apis. A new token should be requested before this time to avoid getting a Token Expired message in the data api call.
serverPaths	Array	A list of serverPaths. Each serverPath directs integrators to the proper Connected Services gateway to use for that region.
Property Type Description region String Lists the region for each serverPath. The only values are NA or EU. NA serverPath should be used for all API calls for data within North and South America (Points West of -30° and east of 180°). EU serverPath should be used for all API calls for data within Europe and Africa (Points East of -30° and west of 180°). serverPath Array A list of serverPaths for the region specified. Property Type Description href String The specific server path to use for the given region and type. type String Used to distinguish between traditional INRIX Connected Services APIs, Mobile Gateway APIs, and the Traffic Tile Overlay Service. The following types are possible API - Use for interfacing with hosted traffic and LBS services. TTS - Use for the express purpose of using traffic tile overlays.