Menu

Data API

Pull your account data from anywhere with an HTTPS request and an auth key.

The Data API exposes the same data your dashboard reads — measurements, rules, controls, OTA groups, settings — through simple JSON endpoints under https://data.ohioiot.com. Read-only. Authenticated with an HTTP auth key you generate in your account.

Get an auth key

In your account settings, generate an HTTP auth key. You can have up to three active at once, which makes rotation painless: add a new key, update your client, remove the old one.

Treat the key like a password. Anyone with it can read everything in your account. Don't commit it to git, paste it into chat, or embed it in client-side JavaScript that ships to a browser. If a key leaks, delete it from the dashboard — that revokes it immediately.

Authenticate

Pass your key on every request. Header is preferred:

x-auth-key: YOUR_AUTH_KEY

Or as a query parameter, when setting a header is inconvenient:

https://data.ohioiot.com/data?auth_key=YOUR_AUTH_KEY

If the key is missing or invalid, you'll get a 401. Repeated 401s from a single IP will get that IP temporarily blocked at the edge — fine for human use, worth knowing if you're scripting against the API.

Endpoints

All endpoints are GET and return JSON.

/info
API metadata and the live endpoint list. Useful as a quick sanity check that your key is working.
/all
Everything else merged into a single response. The simplest way to dump your account.
/data
Measurement data bucketed by retention tier (mins, hours, days, weeks, months, years). Up to 3,000 most recent points per tier.
/settings
Your account-level preferences.
/controls
Your saved commands — the buttons in the dashboard that fire MQTT messages at devices.
/rules
Your alerting and automation rules, with current alert state.
/messages
Your message history.
/ota
Your OTA device groups and firmware assignments.
/meta
Per-device metadata, keyed by device ID.
/aliases
Your friendly device names.

Examples

curl:

curl -H "x-auth-key: YOUR_KEY" https://data.ohioiot.com/data
curl -H "x-auth-key: YOUR_KEY" https://data.ohioiot.com/rules
curl "https://data.ohioiot.com/all?auth_key=YOUR_KEY"

Node.js:

const res = await fetch('https://data.ohioiot.com/all', {
    headers: { 'x-auth-key': process.env.OHIOIOT_KEY }
});
const account = await res.json();

console.log('rules:', account.rules.length);
console.log('latest temp:', account.data.table1_mins.at(-1));

Python:

import os, requests

KEY = os.environ['OHIOIOT_KEY']
r = requests.get(
    'https://data.ohioiot.com/data',
    headers={'x-auth-key': KEY}
)
r.raise_for_status()
data = r.json()
print(data['table1_mins'][-1])

Response shape

The /data endpoint returns one array per retention tier, oldest-first within each:

{
    "table1_mins":   [ { timestamp, ...fields }, ... ],
    "table2_hours":  [ ... ],
    "table3_days":   [ ... ],
    "table4_weeks":  [ ... ],
    "table5_months": [ ... ],
    "table6_years":  [ ... ]
}

The /all endpoint wraps the data response and folds in everything else at the top level:

{
    "data":     { /* same shape as /data */ },
    "settings": { /* account settings */ },
    "controls": [ ... ],
    "rules":    [ ... ],
    "messages": [ ... ],
    "ota":      [ ... ],
    "meta":     { "device_id_1": {...}, "device_id_2": {...} },
    "aliases":  { ... }
}

Hitting an individual endpoint like /rules just returns that one slice — no wrapper.

Errors

Standard HTTP status codes:

  • 200 — success.
  • 401 — auth key is missing or invalid.
  • 404 — unknown endpoint. Check the path.
  • 500 — backend error. Retry; if it persists, get in touch.

Error responses are JSON with an error field explaining what went wrong.

Where to go from here