I am pushing variables and calling functions from a web page and logging in via particle.login({username: ‘xxx@yy.com’, password: ‘zzzz’}) as per the Particle JS API. I don’t like exposing my login details on a public web page, is there a way to login using the device ID / access token? I am not able to find this anywhere. Thanks!
You don’t need to log in at all if you have the access token. Just pass the access token string into any of the calls. Here’s an example that allows you to log in with username and password and saves the access token in a cookie, just view the source to the page. This is still not perfect because the token is also also sensitive, but better than storing the username and password in the code, in my opinion.
So the way it works is that you need to login to get a new (temporary?) access token, which you can then use for a certain period of time to call functions? Is it not possible to use the generic access token and device ID (from the settings in the web IDE) which does not expire?
You have two options:
You can pass an additional parameter ‘tokenDuration’ along with ‘username’ and ‘password’ to login. The token duration is in seconds.
You can also use the access token from build.particle.io; just pass the string directly into any call that takes an auth parameter and skip the login step entirely.
Ahh got it, somehow I totally missed option 2.
What is the benefit for method 1 (getting a temporary token via a login)? Is it so that you don’t expose your access token publicly?
Thanks for the help!
Method one is probably preferred since you then don’t have to hardcode any credentials, your credentials won’t get saved, and the accesstoken can be short-lived.