Anyone here have used the Kontakt's REST API, to completely update the beacon the new way (beacon with at least Firmware 4.0) using the secure config? I have followed their API document and have done the steps below, but I am stuck at the last/3rd step. Just checking here while waiting from Kontakt's technical support to help me out.
STEPS:
Update beacon by creating a config e.g. "/config/create?uniqueId=abc&deviceType=beacon&txPower=2"
For the newest beacon (Firmware 4.1), get the secure config from the response of e.g. "/config/encrypt?uniqueId=abc". The secure response is from response's configs[0].config value, and this is what I send in the response parameter in the 3rd step below.
I am not sure if that is the right one to pass as it's not clearly stated in the document.
And lastly to synchronize state, update the cloud by sending the secure config e.g. "/device/update?uniqueId=abc&updated=1489619160440&response=AAMQIgDbyMlY7zruGWl89..."
The API is throwing Error 500 - Internal Server Error with this exact error code API_ERROR_1489800045650.
A beacon's configuration needs to be applied to the beacon by connecting to it using a Bluetooth interface, this cannot be done through a RESTful API service alone.
Changes in configuration for Kontakt.io beacons can be prepared over their RESTful API, but need to be applied through a BLE connection; at which point, the beacon will create a "secure response" that needs to be synced back to their API.
Kontakt.io's SDK already handles this, documentation for "Writing a new configuration to a beacon" covers this in depth, and there is some sample code in their GitHub account:
Fetch configs from API
Apply configs to nearby devices
Related
In the latest firmware update (3.10.30) of the FX7500 RFID reader a new service has been introduced called IoT Connector. This service enables you to transfer RFID tag data through the HTTP POST method. I've configured the endpoint for the tag data AND management data to a webhook.site URL.
When I enable the IoT Connector service the management data is sent out to the webhook.site URL but not the tag data. I assume that my RFID reader and antenna are not scanning.
Somebody know if i have missed any configurations?
You have to issue a Start REST API to get tag data, and set the Management and Control interface to Local REST to receive REST API calls. Please see documentation available from FX9600 support site - https://zebradevs.github.io/rfid-ziotc-docs/
I build an ionic app using version 1 some year ago, the app is public no authentication is required.
How can i enable api consume only from the android smartphone ?
If someone decompile the apk they can see the api and consume data from the api
How can i prevent this ?
At the end of the day, there isn't much you can do to completely prevent someone from accessing or scraping data via your public API.
However, here are some ideas that can help mitigate it:
API Key
Store an API Key in your app, and validate the key on the server side before processing the request. This suggestion isn't too helpful if they decompile your app, but at least it's a start in preventing the API from being exposed by just using the app (especially if you make all your HTTP requests over SSL).
IP Address Logging
Setup some code within your mobile app that logs the IP address of the user. Then, when a call is made to your public API - it compares the IP address from the request with the list of IP addresses that have been logged from the mobile app. You can even use timestamps to limit the time frame in which the API will be accessible.
Rate Limits/Usage Quotas
You can put some general rate-limits on your API. Only allow a certain number of requests within a specified time frame from any given IP address, user, device ID, etc.
Hope this helps. I would love to hear more thoughts from other people in the community as well!
All my hardware is already developed. I use MQTT for communication between my devices, I have lights, fans, heaters and many more ioT appliances. I can controll all of these from my Android application which i have built. I would like to use Google Assistant to control my devices as well. The status of my lights (on/off) are stored in a sql database and when ever a change occurs to the database(detected by the hardware) my hardware can control that specific light. In My Android app i do the same thing which is updating the databases value(on/off) of the light and the change is detected by my hardware platform. Can i use Google Assistant to update a sql database value?
I can create a webserver( ASP.NET C#) and pass the command to the sql database of my relevant customer if google assistant can invoke the username or email, lightID, command to my webserver. Can google assistant do this? If not how would achieve this.
It sounds like you want to take a look at the Actions on Google Smart Home API which will let the Assistants Smart Home controls work with your control server directly.
Without knowing exactly how your database or existing web server are configured or hosted, I can speak only broadly at best. Your web server will need to implement two primary things:
You'll need an OAuth2 server that can issue tokens that represent your users. This is how Google will associate the user's account on the Assistant with your account, and how Google will identify (to you) which user is issuing the command.
You will need to implement a webhook at a URL on your web server. This webhook will be sent a POST message containing a header with a valid auth token (that you issued) and a JSON body. The JSON will contain information about the command that has been issued by the user. Your HTTP reply body will also be JSON. For details of the JSON formats and all the fields that it can send and that you must reply with, consult Google's documentation.
There are a number of different commands (which Google calls "intents") that Google can send you on behalf of the user. You should be able to handle all of them by either querying or modifying your database:
SYNC - A request for what devices this user has, some of their configuration information, and what commands they respect.
QUERY - What is the current state of the devices for this user.
EXECUTE - Change the state on some of the user's devices.
RESYNC - (Future update) A re-request of the user's device info.
Is there a way of checking for IBM Bluemix outages, and on expected resolution time for specific services?
Currently the only way I know is to submit a request and check for error code 503. I do not know where to look for information of what services are affected and of expected resolution time for the problems.
The Bluemix Support Status page provides this information. You can filter it for the region or Services that interest you, and subscribe to RSS feeds from it.
I am writing a REST API providing CRUD operations on resources.
I'd like the users to be able to register to some resources changes and get the updates via server push. For the server push I will provide support for reverse ajax, hidden iframe and websockets. In order to be as REST as possible I created a Streaming resource which handles the registrations and the connection to the client:
Streaming resource:
URI uri : A GET against this URI refreshes the client representation of the resources accessible to this user.
bool WebSocket : Indicate if websocket is available on this server
bool ReverseXHR : Indicate if ReverseXHR is available on this server
bool HiddenIframe : Indicate if HiddenIframe is available on this server
Registration[] Registrations : The set of registration tasks.
OpenChannel : Open streaming channel from webserver to client. GET parameter type=(websocket|xhr|hiddeniframe)
CloseChannel : Close streaming channel from webserver to client. GET parameter type=(websocket|xhr|hiddeniframe)
A call of openchannel?type=websocket would open the websocket and start streaming the data of the registered values.
I've read many articles but I am still a bit confused. Can I still call my API REST after doing this? And if no (or yes) why?
Thank you for your help!
Firstly, always implement what makes sense to solve the problem you face. Conforming to a given architectural style provides specific benefits but this should not exclude pragmatic solutions to a given problem.
But having said that, it seems like you're using streaming of resource data as a way to "tunnel" information back & forth between the client and the server. I'm pretty new to this but it seems to me that the tunneling data goes against the uniform interface constraint in the REST architectural style. Tunneling over HTTP is one of criticism level against soap based services.