Skip to main content

Authentication

reCamera uses JWT Token authentication. After a successful login, the device returns a Token via the Set-Cookie response header. Subsequent requests must carry this Token.

Endpoint Overview

MethodPathPurposeRequires Login
GET/system/keyGet RSA public key (for password change)No
POST/system/loginLog in and obtain a TokenNo
GET/system/checkCheck if first-time loginNo
PUT/system/passwordChange admin passwordYes

Login

Request

POST /cgi-bin/entry.cgi/system/login
Content-Type: application/json

Request body:

{
"sUserName": "admin",
"sPassword": "your_password"
}
FieldDescription
sUserNameLogin username, default is admin
sPasswordLogin password, transmitted in plaintext

Response

{
"iStatus": 0,
"iAuth": 1,
"sWaittime": 0
}
FieldDescription
iStatus0 = correct password, -1 = wrong password, -3 = temporarily locked
iAuth1 = login successful, 0 = login failed, 2 = password change required
sWaittimeWait time in seconds when locked

Obtaining the Token

On successful login, the response headers contain Set-Cookie:

Set-Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9...; Max-Age=86400; Path=/

The Token lifetime is determined by Max-Age, defaulting to 86400 seconds (24 hours).

Using the Token

All authenticated requests must include the Token in the Cookie header:

Cookie: token=<JWT_TOKEN>

For example, to get device information:

GET /cgi-bin/entry.cgi/system/device-info
Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9...

If the Token is missing or expired, the device returns:

{
"code": 401,
"message": "Unauthorized: Invalid token or NO token provided"
}

Login Lockout

The device enforces an IP-based failed attempt limit. After repeated wrong passwords, iLoginAttempts increments. When the limit is reached, the device returns iStatus=-3 with a sWaittime value. You must wait for the lockout to expire before trying again.

Check First-Time Login

GET /cgi-bin/entry.cgi/system/check

Response:

{
"bFirst": false
}

bFirst=true indicates the device is in the first-time login flow and the default password should be changed.

Change Password

Changing the password requires obtaining an RSA public key first, then encrypting the old and new passwords before submitting.

Get Public Key

GET /cgi-bin/entry.cgi/system/key

Response:

{
"sPublicKey": "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEA...\n-----END RSA PUBLIC KEY-----"
}
FieldDescription
sPublicKeyRSA public key, used for password encryption during password change

Password Encryption

Compute the SHA256 hash of the password as a hexadecimal string, then encrypt it with the public key using RSA PKCS1v15 padding, and finally Base64-encode the result.

Submit Change

PUT /cgi-bin/entry.cgi/system/password
Content-Type: application/json

Request body:

{
"sUserName": "admin",
"sOldPassword": "<encrypted_old_password>",
"sNewPassword": "<encrypted_new_password>"
}
FieldDescription
sUserNameUsername
sOldPasswordEncrypted old password
sNewPasswordEncrypted new password

Success response:

{
"code": 0,
"message": "success"
}

Error codes:

CodeDescription
10001New password is too weak
10002Token expired, log in again

After changing the password, the current Token may become invalid. Log in again to obtain a new Token.

Technical Support and Product Discussion

Thank you for choosing our products! We are here to provide you with various support to ensure your experience with our products is as smooth as possible. We offer multiple communication channels to meet different preferences and needs.

Loading Comments...