[SOLVED] How to hide access token and device ID in HTML DOC

applefarm · December 30, 2016, 12:33am

I can’t seem to find the code to read your token and ID from a PHP file so it doesn’t get revealed in code.

I plan to use the tutorial HTML Get Variable:

    <!DOCTYPE HTML>
    <html>
      <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript" charset="utf-8"></script>
    <body>
        <span id="temp">Waiting for data...</span><br>
        <span id="tstamp"></span><br>
    
        <script type="text/javascript">
    
          window.setInterval(function() {
    
            var deviceID = "<< device id >>";
            var accessToken = "<< access token >>";
            var varName = "temperature";
    
            requestURL = "https://api.spark.io/v1/devices/" + deviceID + "/" + varName + "/?access_token=" + accessToken;
            $.getJSON(requestURL, function(json) {
                     document.getElementById("temp").innerHTML = json.result + "&deg; F";
                     document.getElementById("temp").style.fontSize = "28px";
                     document.getElementById("tstamp").innerHTML = json.coreInfo.last_heard;
                     });
        }, 10000);
        </script>
    </body>
    </html>

Moors7 · December 30, 2016, 12:42am

If you search for “hide access”, you’ll find quite a few topics related to this. Depending on what it is you’re trying to do, you could also have a login form that you’d need to fill. That would circumvent the need for hard-coding credentials to begin with.

applefarm · December 30, 2016, 4:14am

Thanks, Moors.
I want to set it and forget it type of mentality.
I want to allow the public to view my Photon as a demonstration of a project I’m working on for greenhouse control.

I still have not found a good solution.
Now, this might be a silly question. But if I read in the access token using a secured file, wouldn’t you still be able to read it be open my webpage in Chrome developer to examine the value?

Maybe I’m overlooking something.

Thanks

applefarm · January 1, 2017, 2:24am

I’m going to take a different approach.
I will add a php server app that will read Photon variables and return them in a HTTP GET.
JS will process the returned values and display them.

All done with protecting token and ID.

harrisonhjones · January 1, 2017, 2:23pm

Good approach. I wrote a PHP Class for just this purpose.

Edit: that class works (I use it with my dashboard) but could use some love. I’d happily accept PRs.

applefarm · January 1, 2017, 5:41pm

Thanks a bunch Mr. Jones. It’s exactly what I needed to get started with my application.

Topic		Replies	Views
Keeping deviceID and access tokens private on the Web General	6	3038	May 27, 2016
Particle.login from web page using device ID / access token Cloud	5	1083	February 8, 2017
Assistance with XMLHttpRequest() Troubleshooting	3	1079	November 24, 2016
How to Identify the Access token of my device General argon	1	1823	April 17, 2019
Photon Web-connected LED HTML error Troubleshooting	2	527	November 21, 2018

[SOLVED] How to hide access token and device ID in HTML DOC

Related Topics