Help getting Particle functionality on local network (stay off Internet)

If you could provide me with direction on this initial Photon project of mine that would be great. First a bit of background on me so that you don’t wonder if I’m misusing software terms: I’m a mechanical engineer with some Arduino and html experience (but nothing in the way of web servers and such) who now wants to create a Wi-Fi enabled device. What I need is for a user with a laptop, tablet, or phone to interact with a program on the Photon but only through the router (traffic is to stay off of the Internet). For simplicity, I’d prefer if the Photon could just serve a web page for the user to press buttons (to control output pins) and see data from the Particle device.

Can you help me to recreate this tutorial using WLAN instead of the Internet?

edit: It occurred to me that my first question should have been, “Does this application need to stay off the Internet?” Here’s the scenario, will you let me know if local-only access is the way to go or if going through the Internet should be fine?

The device will be sold to banks and the output pins will control solenoid locks to their vaults (not really, it’s just an illustration). Maintenance workers are to be able to access the Photon via their Wi-Fi device (laptop, etc.) to control the system. It seems that since security is such a big concern then it would be good to keep the Photons off the Internet. If this is not necessary then could you describe what the system would look like? I’m guessing there’d be a web server, myawesomebankdevice.com, where clients could log in and then see a web page (the HTML code for which contains the device ID for their bank’s Photon) and that web page makes calls to api.particle.io/… so traffic would go user --> myawesomebankdevice.com --> particle.io --> Photon. Would the security implemented at myawesomebankdevice.com be the only thing we’d have to see to? If a bank robber got the device ID and the access token then she could control the Photon, right? Being paranoid, it seems like for this application the device IDs and access token for my clients (the banks) should not be on the web (in case myawesomebankdevice.com got hacked).

edit 2: Maybe it would be safe enough if the Photon served the web page but traffic still went to api.particle.io, since the device ID and access token would only be stored (in the HTML document) on the Photon.

What you want to do is very possible to do with a Photon; however, you will not be able to use any of the “Particle” functionality.

If you look at the reference documentation all of the functions under “Cloud Functions” are by definition using the internet. So you will need to avoid all of that. Also, you need to set the device in Manual mode to avoid any attempt to contact the cloud.

What you are left with is a very capable set of WiFi functionality. To create a server on the Photon that can take connections and respond to input you would use TCPServer/TCPClient objects. Search in this forum for examples of how to use TCPServer.

To make sure your device remains inaccessible from the outside internet, however, is not so much a function of your Photon device, but rather how your router and/or other network appliances are configured.

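As an added illustration of the approach described in the reply above (this is example firmware written for this thread, not code from the original post or from Particle), here is a minimal Photon sketch that serves a control page on port 80 of its LAN address with the cloud connection disabled. The pin (D7), the URL paths (/on, /off) and the 1-second read timeout are assumptions for the example; note that, as the next reply points out, plain TCPServer traffic is unencrypted, so the router must keep this segment private.

```arduino
// Added example: Photon web server kept entirely on the local WLAN.
// SYSTEM_MODE(MANUAL) means the device never attempts the cloud handshake,
// so no Cloud Functions (Particle.publish/function/variable) are available.
#include "Particle.h"

SYSTEM_MODE(MANUAL);             // SEMI_AUTOMATIC would also skip the cloud
TCPServer server = TCPServer(80);
const int OUT_PIN = D7;          // assumption: the output pin being controlled
bool outputOn = false;           // last state written to OUT_PIN

void setup() {
    pinMode(OUT_PIN, OUTPUT);
    WiFi.on();
    WiFi.connect();              // join the router using stored credentials
    while (!WiFi.ready()) delay(100);
    server.begin();              // listen on <Photon LAN IP>:80
}

// The page links back to the Photon itself, never to an external host.
String page(bool on) {
    String body = "<html><body><h1>Output is ";
    body += on ? "ON" : "OFF";
    body += "</h1><a href='/on'>on</a> | <a href='/off'>off</a></body></html>";
    String resp = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nConnection: close\r\n";
    resp += "Content-Length: " + String(body.length()) + "\r\n\r\n";
    return resp + body;
}

void loop() {
    TCPClient client = server.available();
    if (!client) return;
    // Read only the request line ("GET /on HTTP/1.1"); headers are ignored.
    String reqLine;
    unsigned long start = millis();
    while (client.connected() && millis() - start < 1000) {
        if (client.available()) {
            char c = client.read();
            if (c == '\n') break;
            if (c != '\r') reqLine += c;
        }
    }
    if (reqLine.startsWith("GET /on ")) outputOn = true;
    else if (reqLine.startsWith("GET /off ")) outputOn = false;
    digitalWrite(OUT_PIN, outputOn ? HIGH : LOW);   // unknown paths just redraw
    client.print(page(outputOn));
    client.flush();
    client.stop();
}
```

Browse to http://<Photon LAN IP>/ from any device on the same WLAN; a router that blocks port forwarding and guest-to-LAN access is what actually keeps this unreachable from outside.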

Thanks for helping out, but I have to say these statements aren’t entirely true.
SEMI_AUTOMATIC will be just as good for the purpose to prevent cloud connection on startup.

And there also is a local cloud server that can be used on your own private server to support Particle.xxxx() calls.

In a bank or similar security context I would not use TCPServer/TCPClient without encryption.
This should also be taken care of with the local cloud server.

That’s so cool, I didn’t know about that. Thanks!

Thank you @rvnash and @ScruffR.

You are referring to this, right?

I’m thinking that since communication to the Particle cloud is encrypted then having a hidden network with a local server pointing to api.particle.io would be safe enough.

If you see it that way, you can even skip the local server and just go via the cloud.

But what I meant was a local (slightly limited) Particle cloud server which will not need internet access at all but is still encrypted in our local network.