Minut API (v4)

Download OpenAPI specification:Download

Welcome to the Minut developer documentation. Here you will find an introduction to the Minut API, how to setup your first application, and how to subscribe to events from Minut.

To get started with the API there are two prerequisites:

1. Minut account with Pro subscription.

Sign up here or use our app to create your account.

2. OAuth2 client.

Instructions on how to get one are found here

Before making requests you first need to aquire an access token. For this we use OAuth2.0, which is well documented on other sites, as well as the official spec: RFC6749. The endpoints for doing the exchange are documented under Authentication.

Good to know

  • All of Minut’s endpoints are served over HTTPS.
  • All references to dates and times are in UTC.
  • We try to return meaningful HTTP status codes and error messages.
  • The API only consumes and produces application/json.

Architecture

Before we dive into the API Reference it is useful to get a brief understanding about how Minut works, what it communicates, and how it does so.

Minut runs on batteries and as such a lot of care is taken to make the batteries last as long as possible. This means that for the most time, communication channels like Wi-Fi, are turned off. It is only activated when necessary and that happens for two reasons. The first reason is regular checkins, called Heartbeats. The heartbeat is a message that Minut sends roughly once an hour to indicate to the backend that it is still alive and well. This message contains all the sensor readings since the last heartbeat, usually some diagnostics, and a check for new configuration or software updates. The other reason is when something out of the ordinary happens, for example, when the Minut detects a sudden temperature drop, an alarm, or other activity. These messages are called Events.

Sensor data

While heartbeats are sent regularly Minut does not expose them directly the API. Instead, and much more useful, is the sensor data they contain. The API provides endpoints to retrieve temperature, humidity, pressure, ambient light, sound, and battery data as continuous time series.

Events

Minut is mostly about events. Events are sent when something out of the ordinary is detected, when a long-running analysis on the backend has yielded some result, or if the user performs certain actions.

There exists a broad range of events that describe user actions, activity in the home, and system information. See Events for a list. Events can be retrieved both from the API and subscribed to via Webhooks. We will explain how to subscribe to events in the next section.

Depending on the type of the event, the fields in the event varies. For instance, an event generated by a sensor value crossing a threshold will contain a reference to the threshold crossed. Whereas a tamper event will only contain a reference to which device was tampered with. Events at least contain the following fields:

{
  "event_id": "string", 
  "created_at": "datetime", 
  "type": "string"
}

Most of the time they will also include either device_id or user_id.

When doing integrations we highly recommend either subscribing to or reading events rather than sensor data to make sure you get the most up to date information

Webhooks

Webhooks are a great way to react to events as they happen. Rather than implementing a mechanism where you would poll the Minut API at regular intervals, you tell the API about an endpoint that you control to which Minut can send events as they happen.

Example

For the sake of simplifying this example, we are going to use https://webhook.site. It’s an online service that lists HTTP requests directed to it. Since they are only temporary they are not recommended for continued use. Visit the site and make note of the url.

Now we need to set up the subscription. This is done with a POST request to /webhooks as an authenticated user. Make sure to replace $token and $webhook-url with valid values.

curl -X POST -H "Authorization: Bearer $token" \
  -H "Content-Type: application/json" \
  -d '{"url": $webhook-url, "events": ["short_button_press"]}'\
  "https://api.minut.com/v4/webhooks/"

Once this is done, you should be able to press the button on your Minut and see that the event is received in the webhook UI. Another way to test that it works is by doing this request using the webhook id you got from the previous request.

curl -X POST -H "Authorization: Bearer $token" \
  -H "Content-Type: application/json" \
  -d {} \
  "https://api.minut.com/v4/webhooks/WEBHOOK_ID/ping"

From now on all events that belong to the user are forwarded to your web service. Minut will automatically retry sending the event roughly 10 times with an exponential back-off. In case all attempts fail, we will not try sending the message again and you have to implement some form of recovery of lost messages yourselves by asking the /events endpoint.

API Status

Minut uses Uptimerobot to measure API availability. You can check the most recent status here: https://status.minut.com

Integrate with us!

We partner with insurances, telcos, and utilities around the world to provide new types of services for end users.

For integrations, we provide enterprise APIs tailored to managing thousands of devices, SLAs and support. Feel free to reach out to Sales for more information at sales@minut.com.


Authentication

Most endpoints in our API requires the user to be authenticated. For this we use OAuth2. To get started with this you'll need an OAuth client, instructions on how to get one are found here

Before making requests you first need to aquire an access token. How to get a token is well documented on other sites, as well as the official spec: RFC6749. But a quick simple guide follows here:

  1. Open this url in a browser:

    https://api.minut.com/v4/oauth/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URI

Make sure to replace CLIENT_ID and REDIRECT_URI with the values you got from our support.

  1. The page will ask you to sign in with your Minut account.

  2. Accept the prompt asking if your application should be able to access your Minut data.

  3. Your browser will redirect to the url provided in the redirect_uri parameter, with a query parameter like so: code=randomcode

  4. Perform this request using the code.

  5. Use the access_token from the previous request in the Authorization header for all requests to the api:

    Authorization: Bearer access_token

Done!

Request an authorization code

Authorizations:
query Parameters
response_type
required
string
Value: "code"

Must be set to "code"

client_id
required
string

The client id

redirect_uri
required
string

Where to redirect the user-agent after performing the request. Must match the redirect_uri specified when the client was created.

scope
string

Space separated list of scopes to request.

state
string

An opaque value used by the client to maintain state between the request and the callback.

code_challenge
string

A PKCE code challenge

code_challenge_method
string
Enum: "S256" "plain"

Should be S256 unless your client does not support SHA256, in which case plain can be used

Responses

200

An authorization code

400

Bad request

401

Unauthorized

get/oauth/authorize
https://api.minut.com/v4/oauth/authorize

Response samples

Content type
application/json
Copy
Expand all Collapse all
{
}

Token exchange

There are two ways to get a bearer token which are requried for all other endpoints.

  1. Exchange an authorization_code
  2. Exchange a refresh_token

All exchange methods will return a short-lived bearer token and a refresh token.

Authorizations:
Request Body schema: application/json

Set the TokenExchange parameters required for the grant_type used.

grant_type
required
string
Enum: "refresh_token" "authorization_code" "password"

Grant type to exchange for access token

redirect_uri
string

Required if redirect_uri was provided in the authorize request and must be identical in that case.

client_id
required
string

Client ID if not provided using HTTP Basic Auth

client_secret
required
string

Client secret if not provided using HTTP Basic Auth

code
string

Authorization code is grant_type is authorization_code

username
string

Username if grant_type is password. Can only be used by first-party clients.

password
string

Password if grant_type is password. Can only be used by first-party clients.

refresh_token
string

Refresh token if grant_type is refresh_token.

token
string

Token if grant_type implies converting from a trusted third-party token.

code_verifier
string

The plain text code used in the original authorization request

response_type
string
Value: "token"

Should be set to token

Responses

200

A bearer and refresh token token

400

Bad request

401

Unauthorized

post/oauth/token
https://api.minut.com/v4/oauth/token

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
}

Response samples

Content type
application/json
Copy
Expand all Collapse all
{
}

Revoke a refresh token

Authorizations:
Request Body schema: application/json

Refresh token to revoke

token
required
string

The refresh token to revoke

client_id
required
string
client_secret
required
string

Responses

200

Status of revokation

post/oauth/revoke
https://api.minut.com/v4/oauth/revoke

Request samples

Content type
application/json
Copy
Expand all Collapse all
{
}

Response samples

Content type
application/json
Copy
Expand all Collapse all
{
}

Devices

Get devices

Returns a list of all devices the authenticated user has access to.

Authorizations:

Responses

200

A list of devices

get/devices
https://api.minut.com/v4/devices

Response samples

Content type
application/json
Copy
Expand all Collapse all
{
}

Get a device

Returns a device

Authorizations:
path Parameters
device_id
required
string

Device ID

Responses

200

A Device

401

User is not authorized access

404

The Device does not exist

get/devices/{device_id}
https://api.minut.com/v4/devices/{device_id}

Response samples

Content type
application/json
Copy
Expand all Collapse all
{