Skip to content


The StreetHawk HTTP REST API provides endpoints for you to access StreetHawk functionality.

We have native sources for sending analytics data (Android, iOS, etc.) that are all built for high-performance and are open-source. But sometimes you may want to send to the HTTP API directly—that’s what this reference is for.

Details of available api endpoints and their parameter reference can be found here


Most API calls require to be authenticated. Streethawk provides multiple authentication options providing different scope and access level.


Cookies are used for Dashboard Users. The Cookie will be set on logging in. Additionally you have to set the X-App-Key HTTP Header to your app_key. This method is best suited for custom web dashboards, authenticated users get full user level access to StreetHawk functionality.

Secret Auth Token

An auth token is used to access the API programmatically. It is linked to a specific User and a specific App. The auth token has to be submitted as a GET or POST parameter auth_token or as X-Auth-Token HTTP header. You can find your auth_token here.


Do not share this token or store it in your app.

Install Token Authentication

Install Token Authentication is a mechanism by which devices can authenticate with the server without the need for a permanent preshared key. This allows installs to access it's data on the server. The Install token has a default expiry of one hour.

How it works:

  1. Dashboard User generates an token from GET /v3/users/token?installid=xxxxxxx
  2. The token is then sent to the device using whatever means available (deeplink, simple copy paste from slack, push, sms). See section on token distribution
  3. The device then uses the intall token in the request header to make authenticated requests.

Endpoints currently supporting install token v3/tooltips

Token Distribution

This is the mechanism by which an install auth token is sent to the device install for which the token is generated.

Plain text: The token is just a simple string it can be distributed to the device using any means by which a string can be published.


For testing with our sample app, you can install slack or email the key to the test device and paste in to the sample app’s token text field.

Deeplink: a deeplink is genererated which is sent to the device through a qr code,push or sms. When the user clicks on the deeplink it willl launch the app and the token will be stored by the app

Example :

  1. Get token
  2. Use token in query param or header