Jumped in the deep end, learning to swim

Hi there,

I know enough about Arduinos to get me into trouble, and unfortunately rarely find myself having enough time to work out how to get out of trouble again!

I have recently integrated an Electron into a project at work, which is a remote boom gate. This boom gate needed the ability to be opened remotely and I identified the Electron as the ideal product for this. I have re-purposed the Control LEDs over the net example, including the HTML code, such that the end user can have the HTML file on their desktop and run it whenever they need to open the gate. (The most user-friendly way I could see to send a POST request.) I’m struggling to find a simple solution to this on mobile. Whilst the file method generally works on Android, I can’t work it out on iPhones.

Now the more I read, the more I’m beginning to think the pool is getting deeper. I keep seeing that my access token should be protected so customers can’t see it. I don’t have an organisation set up in my dashboard, and this is currently the only product in the field. We plan to offer it as a solution, but in reality it may end up only being in the 10s rather than 100s or 1000s. I don’t see the value in setting up an organisation in that regard, but does the sharing of the access token become an issue once I have more than 1 product?

Secondly, I’d like a more polished response page than what comes back when you submit a POST from the example HTML code. I just don’t know where I would start with that. Can I write something into the simple HTML file that parses the response from the API, or is it more complicated than that?

I welcome any feedback because I have spent the day reading documentation and I am getting more and more confused.

One (of countless) options for your mobile “problem” would be DO button via IFTTT.

For your desktop you could consider a dedicated app.

Or you have a hosted web page that can be hit from any device and hides the access token from the user.

or …, or …, or … :wink:

DO button would only be useful for me, but what I want is for our customer to be able to use it without the rigmarole of setting it up. I tried Blynk also because you can share a project after creating it, but the issue there is they would have to scan the QR code every time they wanted to run it.

The best option I see is for a hosted responsive web page. I just need to work out how it’s done while hiding the access token. But I still don’t get why it’s so important to hide the access token.

A hosted webpage (potentially using PHP or some other server-side password obfuscation) would probably be ideal.

Would you give someone the keys to your house? Would you want a random stranger to be able to open your gates? If the answer is ‘no’, then that’s why the access token is important. It has all rights on your account and devices and as such is as powerful as your email/password combo. You wouldn’t give that away either, now would you?

After a bit more research, I came across a spark dashboard example that uses the access token as the login and then you have full access to all devices so I now understand a bit better. I didn’t realise that was the case!

So it looks like I need to learn some PHP. I have found a thread where they discuss using an index page and a separate PHP file that does the API request, thus hiding the token from the user. I’ll have a crack at modifying that for my purpose.


Just to keep this thread from hanging, I’ve continued my quest in a web app thread I have found somewhat useful. See my progress here. I think I’ve almost got a suitable solution.
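The approach the thread settles on, a hosted page whose server-side script calls the API so the token never reaches the browser, sketched here as an added example that is not code from any post above. The environment variable names, the `gate` function with argument `open`, the `pin` form field, and a firmware return value of 1 on success are all assumptions.

```php
<?php
// open_gate.php: added example, not code from the thread.
// Assumed names: env vars PARTICLE_TOKEN, GATE_DEVICE_ID, GATE_PIN_HASH;
// a device function "gate" taking "open" and returning 1 on success.

// Turn the Cloud API reply into a message fit to show a customer.
function gate_message(int $status, string $body): string {
    $data = json_decode($body, true);
    if ($status !== 200 || !is_array($data)) {
        // Never echo the upstream body: it can name the device or account.
        return 'The gate could not be reached. Please try again.';
    }
    return ($data['return_value'] ?? -1) === 1
        ? 'Gate is opening.'
        : 'The gate controller rejected the request.';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit('Method not allowed.');
}

// Authenticate the caller first. Hiding the token alone is not enough:
// an unauthenticated proxy is still a public "open gate" button.
// GATE_PIN_HASH is created once, offline, with password_hash().
$pin = $_POST['pin'] ?? '';
if (!is_string($pin) || !password_verify($pin, getenv('GATE_PIN_HASH') ?: '')) {
    http_response_code(403);
    exit('Wrong PIN.');
}

// The token is read from the server environment and sent only to the API.
$url = 'https://api.particle.io/v1/devices/'
     . rawurlencode((string) getenv('GATE_DEVICE_ID')) . '/gate';
$ch = curl_init($url);
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_POSTFIELDS     => http_build_query(['arg' => 'open']), // fixed, never user input
    CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . getenv('PARTICLE_TOKEN')],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 10,
]);
$body   = curl_exec($ch);
$status = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);

echo htmlspecialchars(gate_message($status, $body === false ? '' : $body));
```

The HTML page then only needs a form that POSTs a `pin` field to this script, and the script's output is the response page the user sees.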