OneNET IoT Platform Platform Introduction Introduction Manual Guidline for Device Development Guideline for Application Development
API
API Usage API List SDK MQTT LwM2M EDP Modbus TCP
HTTP Push

# API Call

The platform provides open API interface. whcih user can call by HTTP/HTTPS to perform operations such as device management, data query, and device command interaction etc. on the basis of the API, to build upper-layer application according to their own personalized needs

API Authentication

To improve API access security, authentication parametes of OneNET API exist as header parameter

OneNET supports both ordinary and secure authentication methods, comparison as shown in the following table:

ordinary secure(recommended)
core secret keyapiKeyaccessKey
header parameter name "api-key""Authorization"
header parameter value apiKey (direct transmission key) token consisting of parameter group, no secret key
access time control not support support (access timeliness is controlled by parameter in parameter group)
custom permission not support support (coming soon)
core key update not support support (coming soon)
HTTPS support support
security lower higher

Ordinary Authentication

Ordinary authentication method use apiKey as the authentication key. The apiKey is divided into two access levels: product level (Master) and device level

product level device level
quantity unique can be mutiple
authority scope operations of all resources under the product, including:
device, datastream, datapoint, trigger, file, command, and device apiKey
full operation for some device, including
device detail, device datastream, device datapoint
custom permission not support support device level
require user to perform the association operation between apiKey and device. Once associated, get the maximum permission of device

Example of Call

(take "API for Inquire Device Detail" as an example)

GET /devices/3532392 
api-key: WhI3aidfa82SUBD34h123hv1c=

Security Authentication

In the security authentication method, accessKey is used as core key. user needs to use core key to calculate signature by signature algorithm, which form a token with other parameters, and then proceed authentication with token as the request header parameter

The security authentication method improves authentication security by avoiding direct transmission of core key over network, adding timeliness control on authentication parameter, and adding granular control on key authority (coming soon), to ensure access security at maximum

More details please refer to [Security Authentication] (/book/easy-manual/auth.md) section

Example of Call、

(Take "API for Inquire Device Detail" as an example)

GET /devices/3532392
Authorization: version=2018-10-31&res=products%2F123123&et=1537255523&method=sha1&sign=ZjA1NzZlMmMxYzIOTg3MjBzNjYTI2MjA4Yw%3D

results matching ""

    No results matching ""