Simple Example - Login to Cloud, retrieve cores and tokens

I am looking for a simple example of how to login via the cloud api using a username/password to retrieve a list of associated cores and auth tokens.

Essentially this would make it so I would never need to embed a access token in my html as well as allow me to parse the associated cores to determine which core ID I want to send posts/gets to.

Thank you in advance!


Hi @Jovack,

Sure thing, there is an example in the docs here:

If you want to list all your devices, that’s just a request to with your access token.


Thank you for the fast response.

I am actually trying to do the following;

I have my username/password for This is in the form of email address and password. This is the user/password I would use to login to Build.

So, I am trying to do a webpage that does the following:

Logs in with my user/pass.
Pulls a list of the cores associated with this account.
Pulls a list of the associated auth tokens for each core.

This would then allow me to initiate calls to the cores with the ID’s and tokens I pulled.

Does that make sense?



You could do this with jquery and javascript on a webpage to handle the variables returned in the JSON response I think.

Thank you Elijah.

Anyone have an sample code? I would assume I am not the only one that would prefer a more dynamic approach to authentication, core selection and finally auth token gathering.


@Jovack, I’m a bit late to the party here, but I think you might be laboring under the same misunderstanding that I had about access tokens. You say that you want to get “a list of the associated auth tokens for each core.”

Unfortunately an access token is associated with an account rather than with a particular core – so having an access token for your account means someone can access any of your cores rather than just one particular core.

Even more unfortunately, access tokens are very nearly “the keys to the kingdom” – having an access token allows you to not only read from your cores or call functions on them, but also to flash your cores, claim new cores to your account, release cores from your account…just about anything except managing access tokens.

It sounds like you – like me – want to have some way of granting access to the variables and functions exposed by a particular core rather than giving away everything. I’ve been hacking on the spark-cli tool for a couple of days to familiarize myself with it and make sure I understand access tokens, and I’ll probably be starting a thread in this category soon proposing a new kind of token/key that will let us have finer control over these things.

I have some sample Javascript to login to your account and then access your core. It is not finished, mostly because I ran into a bug trying to refresh my device attributes. The workaround is that you have to refresh the page and login to your account again to get new Variables or Functions. However, it is still a handy page. I also have all the code in a zip file so that you can enhance it, fix it, etc.

Let me know if this helps you,