@Dave, Thanks for replay and Yes & No.
So as I now understand the whole concept of the Cloud API is to encrypt data transfers.
I don’t need encryption when its not absolute under this governemnt rule:
Do you know that all encryption requires Depart of Justice Backdoor passwords be provided to them prior to being implimented ? Its a real law and all Rounter & firmware makers are suppose to abide to the US Gov. wishes. Supposedly only a MIT Encryption that is wide spread can not be busted by the NSA but, that’s who different monster.
What I am trying to do.
-
Not trying to change the Spark API. I know API (New Age) HTML/PHP HTTP Authentication (Old School)
-
The core instead of being sent an access token via CURL / Java Android API / or HTML a variable is used in the commands.
-
The Variable is validated from within the API secuirty as the variable validate resides in an external java script file on @kennethlimcp SD Card that is attached directly to Core.
-
For all Non-API Cloud connections using HTTP a cookie is placed in the browser (Leased) nothing special here.
There are people who can not afford https to be added to their website or lack the expertice to impliment server side coding to maintain “no https” connectivity with the Core.
You might say, why is he going to use an access_token with a non-cloud environment when he doesn’t have to ? If encryption of data is not an issue why not just use Apache Password protection on the web?
Answer: All the code will reside either on the CORE (IDE) or connected SD Card (Html / php / uQery /) that will run a Webserver with login protection - Authentication.
Fully Automatic (this Part)
Local Network --> Core wifi Webserver (Local Network) loaded. --> waiting for local or connection from internet HTTP.
Browser Connection initally on local netowrk (to obtain cookie for each device)
Authentication SD Card Webserver --> (Browser Cookie) --> SD Card Access --> Local Cloud API (Access_Token) --> Internet Access–> HMTL/PHP Webpage (On SD Card)–> Access_token_Variable used in webpage <-- External *.js file (on SD Card) containing "token validtator of real access_token number (Only place reall access_token number is – In the Core IDE Code>.
The real access_token “NEVER” gets transmitted in a command over the internet - Ever !
Browser (with cookie from local netowrk login)–> Internet --> Local Router --> Webpage (After Authentication) -->Verfies correct cookie in browser --> Html Page Parsed–> Comand with “access_token_variable” executed (All behind local firewal) --> access_token_variable compared in external *.js file with real access_token number in core.
Why do this way ? Having access to he core SD Car allows the use of a local cloud that connects to other local clouds pre-api IP to IP via Authentication. Once authenticated the two local clouds connect to each other. "Think of the possibilities ?