N00b needs help to authenticate for cloud API

Hebol · December 19, 2022, 7:44pm

Hi!

Bought a few sensors to monitor the current temperature of two saunas and the Gateway to access the data outside of the LAN.

App works and gateway is connected. I have found the API to call but:
How do I authenticate?

I know there is documentation about using MQTT but I’d rather use a simple REST API.

otso · December 19, 2022, 9:33pm

Hello,

Here is an example how to poll data from your Gateway:

e.g.
curl -H “Authorization: Bearer 0i0XJhGjpiMdEBRxI+hEXtJoGoL1jM7DFv6c6netsjU=” http://192.168.1.108/history
after setting up the Bearer authentication.

Hebol · December 20, 2022, 8:16am

Thanks!

This I can use if I want to talk to the Gateway. I want to use the cloud-API but it have given me a few Ideas to try:

Using the token from my gateway
Using the token that the Web-page sends (the Bearer token that can be found in the developer console)
See if there is a hidden token generation in the Ruuvi-web somewhere

Cheers // Martin

otso · December 20, 2022, 9:11am

Hello,

If you want to get data from Ruuvi Cloud, you can use our API:

Please note that our API is in beta and while we use it internally and don’t plan to do any big changes, some breaking changes are to be expected especially before we have launched the Ultimate subscription plan.

In short your user flow would be to call https://network.ruuvi.com/register to get verification token emailed to you and then register the verification token with https://network.ruuvi.com/verify .

From /verify you get the actually access token you can use to authenticate to Ruuvi Cloud. Please be careful while developing, we may throttle or ban IPs and accounts which cause exceptional amount of traffic for example by downloading full history data of a tag repeatedly as that resembles a DOS attack to our service.

Hebol · December 20, 2022, 9:19am

Thanx!
I found the API alright, just not an automated flow for retrieving the token. Reading mail can of course be done by servers but it quite cumbersome compared to normal OAuth-processes.

What is the lifespan of the token returned from this?
I saw that this is the same flow that You use in your web-frontend.

Of course I will cache the data. In my simple use case I want to display the last few hours temperature in the Sauna to be able to determine if the sauna is on or off.

otso · December 20, 2022, 9:24am

True, we might add other authentication methods in the future.

Tokens are invalidated after 6 months of inactivity.

Fetching few hours of data for one sensor once per minute or so can be done without caching too, no worries in that case.