Key management | General | Forum

Avatar

Please consider registering
Guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Feed sp_TopicIcon
Key management
No permission to create posts
November 3, 2014
7:10 am
Avatar
chrisjmears

Gold
Members
Forum Posts: 54
Member Since:
April 26, 2013
sp_UserOfflineSmall Offline

One area in which Thingspeak seems to fall down a bit compared to xively is key management.

Say for example I produce a IoT project which I want to produce a small run of. For the device imagine i'm using an arduino with a cheap 16x2lcd shield with 6 buttons

If I use thingspeak and talkback that means I need a way of getting a 16 character thingspeak key into the controller and a 16 character talkback key into the controller. I also need to store the channel number for thingspeak and the channel number for talkback.

Thats a lot of keys to try and get an end user to enter via an lcd keypad.

Ideally it would be nice to have an API which just lets me give each user say an 8 character unique key which when entered can respond with the users unique keys for thingspeak, talkback and both channel numbers.

kind of a provisioning API.

I've been messing about trying to find a way to do this with the current apps. The best I've got to is:

Create a provisioning channel and hard code the key for this channel into the firmware

Send an update from the device to the provisioning channel. something like
https://api.thingspeak.com/update?api_key=XXXXXXXXXXXXXXXX&field1=PROVISION_SERIAL_NO,3374-3H8U

a react then picks up the PROVISION_SERIAL_NO,3374-3H8U

and triggers a similarly names Thing HTTP.

This then places a talkback command with the new keys. something like

https://api.thingspeak.com/talkbacks/539/commands?api_key=XXXXXXXXXXXXXXXX&command_string=PROVISION_FOR_SERIAL_NO,3374-3H8U,123456,YYYYYYYYYYYYYYYY,567,ZZZZZZZZZZZZZZZZ

So the pseudocode for the provisioning on the arduino would be

Inform user "Registering with server" Please wait
Request provision
delay(5000);
Request command response
byte attempts=1;
while (requested serial key != recieved serial key)
{
Request provision
delay 5000
Re Request command response
attempts++

if(attempts==6)
{
Inform the user "There is a problem. Please check your Serial number"
delay(5000);
break;
}
}

if Serial key matches the serial key that was requested
{
Inform the user "Controller registered OK"
Delay(5000)
Write data to eeprom
soft reset without delay
}

Of course the down side of this approach means I need to manually create a react for each unique user and also a thinghttp for each user.

Additionally, if anyone is able to get hold of the provisioning channel key, they can then listen for a provision request on the channel and grab the resultant talkback. They then have the keys for my device.

Its all a bit messy :-(

November 7, 2014
11:32 am
Avatar
lee

Admin
Forum Posts: 457
Member Since:
March 14, 2011
sp_UserOfflineSmall Offline

Hi Chris,

Thanks for the suggestions, we will discuss API key management internally and look for ways to improve it in the future.

lee

Forum Timezone: America/New_York

Most Users Ever Online: 166

Currently Online:
18 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

rw950431: 272

Vinod: 240

piajola: 95

turgo: 70

vespapierre: 63

Adarsh_Murthy: 62

Member Stats:

Guest Posters: 1

Members: 8665

Moderators: 1

Admins: 2

Forum Stats:

Groups: 3

Forums: 14

Topics: 1600

Posts: 5760

Newest Members:

Team_mafia, icXu, emorphistechno, VTVMART, manimozhi, adamhebrew

Moderators: cstapels: 460

Administrators: Hans: 405, lee: 457