Skip to content
Innomesh
Platform

Innomesh Platform API

The Innomesh Platform API is a secure REST interface that enables external systems to query room status, asset information, and alert data from the Innomesh platform. Use it to build integrations with ITSM tools, facilities management systems, custom dashboards, or AI/ML applications.

📝 Note
The Platform API is currently in Preview. It is fully functional but endpoint structure and response schemas may evolve based on feedback.

Key Concepts

ConceptDescription
App ClientA named credential representing an external system. Each App Client has a unique Client ID and Client Secret used for OAuth 2.0 authentication.
Permission ScopesControl which API endpoint families an App Client can access. Available scopes: rooms (/v1/rooms/...), assets (/v1/assets/...), alerts (/v1/alerts/...), metrics (/v1/metrics/...).
Access TokenA short-lived OAuth 2.0 bearer token, valid for 2 hours. Obtained via the Client Credentials grant flow.
API KeyA separate credential included as an X-API-Key header on every request. Provisioned by Innomate support.
Rate LimitDefault quota of 1,000 requests per day per App Client. Higher limits available on request.

Getting Started

1. Create an App Client

  1. Navigate to Administration > Users in Innomesh Portal.
  2. Select the App Clients tab.
  3. Click Add App Client.
  4. Enter a name (e.g., “ServiceNow Integration”, “Custom Dashboard”). The name identifies the App Client in audit logs and the management list and cannot be changed after creation.
  5. Select the permission scopes required.

Warning dialog confirming deletion of the PowerBI Dashboards App Client with Cancel and Yes, Delete buttons

Create App Client dialog with Permission Scope dropdown open showing rooms checked and assets, alerts, and metrics options

  1. Click Create.
  2. Copy the Client ID and Client Secret immediately.

App Clients list showing CMDB Daily Sync and PowerBI Dashboards rows with their Client IDs, scope badges, creator, and creation dates

🚨 Caution
The Client Secret is displayed only once at creation. If lost, you must delete and recreate the App Client.

2. Obtain an API Key

Contact Innomate support (UXT Support) to request an API Key for your tenancy. The API Key is separate from the App Client credentials and is required on every API call.

3. Request an Access Token

Send a POST request to your tenant’s OAuth 2.0 token endpoint. The auth domain is region-specific:

RegionAuth domain
AUhttps://auth.api.<tenant>.innomesh.com.au
EUhttps://auth.api.<tenant>.innomesh.io
UShttps://auth.api.<tenant>.innomesh.us
POST https://auth.api.<tenant>.innomesh.com.au/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=<your_client_id>
&client_secret=<your_client_secret>

The response includes an access_token valid for 2 hours. Reuse the token across requests rather than requesting a new one per call.

❗ Important
Token generation is throttled. Integrations that request a new token on every API call will exhaust the token request limit and begin failing. Persist the token and only request a new one once the current token has expired.

4. Make API Calls

Include both the access token and API key on every request. The base URL is region-specific:

RegionBase URL
AUhttps://api.<tenant>.innomesh.com.au/v1
EUhttps://api.<tenant>.innomesh.io/v1
UShttps://api.<tenant>.innomesh.us/v1
GET https://api.<tenant>.innomesh.com.au/v1/rooms/<roomid>/status
Authorization: Bearer <access_token>
X-API-Key: <api_key>

Available Endpoints

EndpointMethodScopeDescription
/v1/rooms/{roomid}/statusGETroomsCurrent room status (power, occupancy, versions)
/v1/assets/{roomid}/{assetid}GETassetsStatic asset properties (model, firmware, network)
/v1/assets/{roomid}/{assetid}/statusGETassetsLive asset health and state
/v1/assets/{roomid}/{assetid}/alertsGETalertsActive alerts for an asset
/v1/assets/{roomid}/{assetid}/alerts_historyGETalertsHistorical alert records
/v1/alerts/{alertid}/detailsGETalertsDetailed alert information

For full request/response schemas, see OpenAPI Specification.

Managing App Clients

From Administration > Users > App Clients, you can:

  • View all App Clients with their scopes and creation dates
  • Edit an App Client’s scopes or expiry
  • Delete one or more App Clients to immediately revoke access
📝 Note
The App Client Name is fixed at creation and cannot be changed. To rename an App Client, delete it and create a new one.

Deleting an App Client

  1. On the App Clients list, select one or more App Clients using the checkboxes on the left of each row.
  2. Click Delete.
  3. Review the confirmation dialog and click Confirm to proceed.

Success dialog confirming a new App Client was created, showing Name, Client ID, masked Client Secret, Platform API Base URL, and Access Token URL

⚠️ Warning
Deleting an App Client is immediate and irreversible. All tokens issued to that client are invalidated instantly with no grace period.

Create App Client dialog with Name CMDB Daily Sync, Client ID and Secret marked Generated on creation, and Permission Scope showing rooms plus one more

Audit Logging

All API calls are logged in the Portal audit logs. Each entry records:

  • Event type (API call)
  • App Client name
  • Endpoint called
  • Timestamp
  • Response status

To view only Platform API activity, navigate to Audit Logs in the Portal and select Platform API logs only from the Log Type dropdown.

Use Cases

  • ITSM integration: Query alert data to create tickets in ServiceNow or TeamDynamix
  • Custom dashboards: Pull room and asset status into internal monitoring tools
  • Facilities sync: Export room metadata to building management systems
  • AI/ML: Consume occupancy and health data for predictive analytics
On this page