MachineQ Developer Documentation logo DOCS

Applications

MQcentral separates two distinct concepts that are often confused: Applications are OAuth2 service accounts for API access; Output Profiles are the mechanism for routing device data to downstream systems. This page covers Applications. For output profiles and data routing, see Data Delivery: Output Profiles.

An application in MQcentral is an OAuth2 service account, a named set of client credentials that grant programmatic access to the MQcentral APIs. API clients use role-based access control to limit what they can do.

Before You Begin

You need:

  • An MQcentral account with the following permissions (see Roles for details):
    • CRU permissions for device administration, and
    • CRU permissions for user administration.
  • $MQ_TOKEN exported from the authentication step. See Authentication & API Access.

Creating an Application

Fetch all roles associated to your subscriber and pick the one you want to associate with your new application.

Fetch roles
curl -sS -H "Authorization: Bearer $MQ_TOKEN" \
  "https://api.machineq.net/v1/roles" | jq
API reference:

The response returns:

Inspect the roles response
{
  "Roles": [
    {
      "Id": "P5-zXyYa",
      "Name": "CustomRole",
      "Device": {
      "Create": true,
      "Read": true,
      "Update": true,
      "Delete": true
      },
      "User": {
      ...
      },
      "Gateway": {
      ...
      },
    },
  ...
  ]
}

Choose a role to associate with your application and use it in the following request.

Create the application
curl -sS -X POST https://api.machineq.net/v1/applications \
  -H "Authorization: Bearer $MQ_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "Name": "warehouse-monitoring-service",
    "Roles": ["<role_id>"]
  }' | jq

The response returns:

Inspect the application response
{
  "Id": "abc123",
  "Name": "warehouse-monitoring-service",
  "UUID": "3hVOhCise...",
  "ClientSecret": "xxxxxxxxxxxxxxxx"
}

Important: UUID and ClientSecret are only shown once. Store them immediately; they are the client_id and client_secret used to obtain tokens for this application (see Authentication & API Access).

To refresh an application's secret (this invalidates the old one):

Refresh the application secret
curl -sS -X POST https://api.machineq.net/v1/applications/<Id>/refreshToken \
  -H "Authorization: Bearer $MQ_TOKEN" | jq

Listing and Managing Applications

List and manage Applications
# List all Applications
curl -sS -H "Authorization: Bearer $MQ_TOKEN" \
  "https://api.machineq.net/v1/applications" | jq

# Get a specific application
curl -sS -H "Authorization: Bearer $MQ_TOKEN" \
  "https://api.machineq.net/v1/applications/<Id>" | jq

# Update an application name or roles
curl -sS -X PUT https://api.machineq.net/v1/applications/<Id> \
  -H "Authorization: Bearer $MQ_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "Id": "<Id>", "Name": "updated-name" }'

What's Next?