[SOLVED] How to hide access token and device ID in HTML DOC

I can’t seem to find the code to read your token and ID from a PHP file so it doesn’t get revealed in code.

I plan to use the tutorial HTML Get Variable:

      <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript" charset="utf-8"></script>
        <span id="temp">Waiting for data...</span><br>
        <span id="tstamp"></span><br>
        <script type="text/javascript">
          window.setInterval(function() {
            var deviceID = "<< device id >>";
            var accessToken = "<< access token >>";
            var varName = "temperature";
            requestURL = "https://api.spark.io/v1/devices/" + deviceID + "/" + varName + "/?access_token=" + accessToken;
            $.getJSON(requestURL, function(json) {
                     document.getElementById("temp").innerHTML = json.result + "&deg; F";
                     document.getElementById("temp").style.fontSize = "28px";
                     document.getElementById("tstamp").innerHTML = json.coreInfo.last_heard;
        }, 10000);

If you search for “hide access”, you’ll find quite a few topics related to this. Depending on what it is you’re trying to do, you could also have a login form that you’d need to fill. That would circumvent the need for hard-coding credentials to begin with.

1 Like

Thanks, Moors.
I want to set it and forget it type of mentality.
I want to allow the public to view my Photon as a demonstration of a project I’m working on for greenhouse control.

I still have not found a good solution.
Now, this might be a silly question. But if I read in the access token using a secured file, wouldn’t you still be able to read it be open my webpage in Chrome developer to examine the value?

Maybe I’m overlooking something.


I’m going to take a different approach.
I will add a php server app that will read Photon variables and return them in a HTTP GET.
JS will process the returned values and display them.

All done with protecting token and ID.

Good approach. I wrote a PHP Class for just this purpose.

Edit: that class works (I use it with my dashboard) but could use some love. I’d happily accept PRs.

Thanks a bunch Mr. Jones. It’s exactly what I needed to get started with my application.

1 Like