Minut API (v5)

Download OpenAPI specification:Download

Welcome to the Minut developer documentation. Here you will find an introduction to the Minut API, how to setup your first application, and how to subscribe to events from Minut. To get started with the API there are two prerequisites:

1. Minut account with Pro subscription.

Sign up here or use our app to create your account.

2. OAuth2 client.

Instructions on how to get one are found here

Before making requests you first need to aquire an access token. For this we use OAuth2.0, which is well documented on other sites, as well as the official spec: RFC6749. The endpoints for doing the exchange are documented under Authentication.

Good to know

  • All of Minut’s endpoints are served over HTTPS.
  • All references to dates and times are in UTC.
  • We try to return meaningful HTTP status codes and error messages.
  • The API only consumes and produces application/json.

Architecture

Before we dive into the API Reference it is useful to get a brief understanding about how Minut works, what it communicates, and how it does so.

Minut runs on batteries and as such a lot of care is taken to make the batteries last as long as possible. This means that for the most time, communication channels like Wi-Fi, are turned off. It is only activated when necessary and that happens for two reasons. The first reason is regular checkins, called Heartbeats. The heartbeat is a message that Minut sends roughly once an hour to indicate to the backend that it is still alive and well. This message contains all the sensor readings since the last heartbeat, usually some diagnostics, and a check for new configuration or software updates. The other reason is when something out of the ordinary happens, for example, when the Minut detects a sudden temperature drop, an alarm, or other activity. These messages are called Events.

Sensor data

While heartbeats are sent regularly Minut does not expose them directly the API. Instead, and much more useful, is the sensor data they contain. The API provides endpoints to retrieve temperature, humidity, pressure, ambient light, sound, and battery data as continuous time series.

Events

Minut is mostly about events. Events are sent when something out of the ordinary is detected, when a long-running analysis on the backend has yielded some result, or if the user performs certain actions.

There exists a broad range of events that describe user actions, activity in the home, and system information. See Events for a list. Events can be retrieved both from the API and subscribed to via Webhooks. We will explain how to subscribe to events in the next section.

Depending on the type of the event, the fields in the event varies. For instance, an event generated by a sensor value crossing a threshold will contain a reference to the threshold crossed. Whereas a tamper event will only contain a reference to which device was tampered with. Events at least contain the following fields:

{
  "event_id": "string",
  "created_at": "datetime",
  "type": "string"
}

Most of the time they will also include either device_id or user_id.

When doing integrations we highly recommend either subscribing to or reading events rather than sensor data to make sure you get the most up to date information

Webhooks

Webhooks are a great way to react to events as they happen. Rather than implementing a mechanism where you would poll the Minut API at regular intervals, you tell the API about an endpoint that you control to which Minut can send events as they happen.

Example

For the sake of simplifying this example, we are going to use https://webhook.site. It’s an online service that lists HTTP requests directed to it. Since they are only temporary they are not recommended for continued use. Visit the site and make note of the url.

Now we need to set up the subscription. This is done with a POST request to /webhooks as an authenticated user. Make sure to replace $token and $webhook-url with valid values.

curl -X POST -H "Authorization: Bearer $token" \
  -H "Content-Type: application/json" \
  -d '{"url": $webhook-url, "events": ["short_button_press"]}'\
  "https://api.minut.com/v5/webhooks/"

Once this is done, you should be able to press the button on your Minut and see that the event is received in the webhook UI. Another way to test that it works is by doing this request using the webhook id you got from the previous request.

curl -X POST -H "Authorization: Bearer $token" \
  -H "Content-Type: application/json" \
  -d {} \
  "https://api.minut.com/v5/webhooks/WEBHOOK_ID/ping"

From now on all events that belong to the user are forwarded to your web service. Minut will automatically retry sending the event roughly 10 times with an exponential back-off. In case all attempts fail, we will not try sending the message again and you have to implement some form of recovery of lost messages yourselves by asking the /events endpoint.

API Status

Minut uses Uptimerobot to measure API availability. You can check the most recent status here: https://status.minut.com

Integrate with us!

We partner with insurances, telcos, and utilities around the world to provide new types of services for end users.

For integrations, we provide enterprise APIs tailored to managing thousands of devices, SLAs and support. Feel free to reach out to Sales for more information at sales@minut.com.


Authentication

Most endpoints in our API requires the user to be authenticated. For this we use OAuth2. To get started with this you'll need an OAuth client, instructions on how to get one are found here

Before making requests you first need to aquire an access token. How to get a token is well documented on other sites, as well as the official spec: RFC6749. We currently support the authorization code grant and the client_credentials grant. A quick guide for the authorization code grant:

  1. Open this url in a browser:

    https://api.minut.com/v5/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI

Make sure to replace CLIENT_ID and REDIRECT_URI with the values you got from our support.

  1. The page will ask you to sign in with your Minut account.

  2. Accept the prompt asking if your application should be able to access your Minut data.

  3. Your browser will redirect to the url provided in the redirect_uri parameter, with a query parameter like so: code=randomcode

  4. Perform this request using the code.

  5. Use the access_token from the previous request in the Authorization header for all requests to the api:

    Authorization: Bearer access_token

Client credentials

To instead use the client_credentials grant you just have to issue the following request:

curl  --request POST 'http://api.minut.com/v5/oauth/token' \
      --header 'Content-Type: application/x-www-form-urlencoded' \
      --header 'Authorization: Basic Base64(CLIENT_ID:CLIENT_SECRET)' \
      --data-urlencode 'grant_type=client_credentials' \
      --data-urlencode 'response_type=token'

This will result in a response like this:

{
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOiI5ZWM3NmI1Zjk4NTExNGFhYjYyMzQ3MzciLCJyb2xlcyI6WyJjcmVhdGUtdXNlciJdLCJvcmdJZCI6Im1pbnV0Iiwic2NvcGUiOiIiLCJjbGllbnRJZCI6IkxvY2FsRGV2Q2xpZW50IiwiaWF0IjoxNjExNzM2ODI0LCJleHAiOjE2MTE3NDA0MjQsImlzcyI6Ik1pbnV0LCBJbmMuIn0.Vn2jSMV3J12_NHeX_2lPdhZywaF7aGzPKslE172_suA",
    "token_type": "Bearer"
}

Request an authorization code

Authorizations:
query Parameters
response_type
required
string
Value: "code"

Must be set to "code"

client_id
required
string

The client id

redirect_uri
required
string

Where to redirect the user-agent after performing the request. Must match the redirect_uri specified when the client was created.

scope
string

Space separated list of scopes to request.

state
string

An opaque value used by the client to maintain state between the request and the callback.

code_challenge
string

A PKCE code challenge

code_challenge_method
string
Enum: "S256" "plain"

Should be S256 unless your client does not support SHA256, in which case plain can be used

Responses

Response samples

Content type
application/json
{
}

Token exchange

There are three ways to get a bearer token which are requried for all other endpoints.

  1. Exchange an authorization_code
  2. Exchange client credentials
  3. Exchange a refresh_token

All exchange methods will return a short-lived bearer token. Unless client_credentials is used a refresh_token will also be returned.

Authorizations:
Request Body schema: application/json

Set the TokenExchange parameters required for the grant_type used.

grant_type
required
string
Enum: "refresh_token" "authorization_code" "password" "client_credentials"

Grant type to exchange for access token

redirect_uri
string

Required if redirect_uri was provided in the authorize request and must be identical in that case.

client_id
required
string

Client ID if not provided using HTTP Basic Auth

client_secret
required
string

Client secret if not provided using HTTP Basic Auth

code
string

Authorization code if grant_type is authorization_code

refresh_token
string

Refresh token if grant_type is refresh_token.

token
string

Token if grant_type implies converting from a trusted third-party token.

code_verifier
string

The plain text code used in the original authorization request

response_type
string
Value: "token"

Should be set to token

Responses

Request samples

Content type
application/json
{
}

Response samples

Content type
application/json
{
}

Revoke a refresh token

Authorizations:
Request Body schema: application/json

Refresh token to revoke

token
required
string

The refresh token to revoke

client_id
required
string
client_secret
required
string

Responses

Request samples

Content type
application/json
{
}

Response samples

Content type
application/json
{
}

Devices

Get devices

Returns a list of all devices the authenticated user has access to.

Authorizations:
query Parameters
limit
number [ 1 .. 60 ]
Default: 10
Example: limit=10

Limit how many results to fetch.

offset
number >= 0
Default: 0
Example: offset=0

Starting offset when fetching results.

ids
string [ 24 .. 7000 ] characters ^[0-9a-f,]+$
Example: ids=abd3343976655bcdeeeff121,abd3343976655bcdeeeff122,abd3343976655bcdeeeff123

Filter for only the specified devices. The max length is due to the limitations in how long a url can be.

offline
boolean
Example: offline=true

Filter for only offline or online devices.

active
boolean
Example: active=true

filter for active or inactive devices.

low_battery
boolean
Example: low_battery=true

filter for devices with low battery or devices which do not have low battery

sort
string
Enum: "home_name" "battery"
Example: sort=battery

Sort the list ascendingly based on this.

home_name - sort on the name of the home the device belongs to. battery - sort on the battery voltage of the device.

Responses

Response samples

Content type
application/json
{