Our API supports sending messages via HTTP. You can send a POST request containing a JSON body.


The authentication consists of two parts: the application identifier and authentication with a JWT Token.

One JWT Token give you the possibility to retrieve information for scan user order.

The JWT Token can be requested with a combination of the username and the password.

The required header X-DEVICE-INFO and the JWT Secret will be provided by your account manager, or you can request one via [email protected].


Communication with the CM servers should be done using the TLS cryptographic protocol, version 1.2 or higher.
Older security protocols such as TLSv1.0, TLSv1.1 and SSLv3 are not supported.

Cross-Site Scripting (XSS)

On our API, Cross-Site Scripting (XSS) protection is enabled. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

To protect your web application, and our API we disabled the option to make direct request from a web application.