Skip to content

Authentication

Fresh

The Cloud Phone API supports two authentication methods. You only need to implement one.

Token Verification

The simpler method. Obtain your token from the GEELark client.

Required Request Headers

HeaderDescription
traceIdVersion 4 UUID (unique per request)
AuthorizationBearer <your_token>
Content-Typeapplication/json

How It Works

  1. Get your token from the GEELark client settings
  2. Include it in the Authorization header with the Bearer prefix
  3. Generate a unique traceId (UUID v4) for each request

Key Verification

More secure method using HMAC-style signature verification.

Required Request Headers

HeaderDescriptionExample
appIdTeam AppIdeH6gQR4oHr3FsZpI36La01IW
traceIdUnique request ID (UUID v4)db6094ab-3797-4186-84d5-b0b58eebad56
tsTimestamp in milliseconds1716972892166
nonceFirst 6 characters of traceIddb6094
signSHA256 signature (uppercase hex)6280C080AF7C3CCE...
Content-Typeapplication/jsonapplication/json

Signature Generation

The sign value is generated by:

  1. Concatenate: TeamAppId + traceId + ts + nonce + TeamApiKey
  2. Generate SHA256 hash of the concatenated string
  3. Convert to uppercase hexadecimal

Example

Given ApiKey = YjmFIUuq0oJgSDJ42fxLEb6R1qjjqf:

Input:  eH6gQR4oHr3FsZpI36La01IW + db6094ab-3797-4186-84d5-b0b58eebad56 + 1716972892166 + db6094 + YjmFIUuq0oJgSDJ42fxLEb6R1qjjqf
Output: 6280C080AF7C3CCE168F15C913E3444A00A618CB0E16038EED9811D6E3366BDD

Browser API Authentication

The Browser API runs locally on http://localhost:40185 and does not require authentication. The GEELark desktop client must be running and logged in.

WARNING

The Browser API is only accessible from the local machine. Do not expose port 40185 to external networks.

GEELark API Documentation - Built with VitePress