API for data accessibility

In IoT Open, there are several APIs that make data available both in real time and historically. In addition to these defined APIs, integrations can also be built into the processing of the data streams.

Architecture


The API on the right of the figure is used to retrieve data from the platform for processing or analysis outside the platform. Both real-time and historical data are available. The API on the left can also be used for processing "raw" data from the devices in real time.

For real-time data, the main API is MQTT, either directly or over a WebSocket. All traffic to and from the platform is encrypted and authenticated. In addition to MQTT, there is also a RESTful API for all functions in the platform, including management of metadata around functions and devices. For historical data and also for current situation data, there is a very fast HTTP API for retrieving data series, which is suitable for analysis, visualization or reporting.

Control access to data - Authentication

All access to data is authenticated. In a basic installation, users are authenticated with a username and password and, if desired, two-factor authentication via SMS. Other authentication methods can be used. Upon login, the user receives a token string, which is then used to verify the user on subsequent requests. Users can also be identified with a so-called API key, which largely corresponds to a token. It is also possible to set up API users with a larger scope by defining API keys with higher authority. For integration with external systems, OAuth 2 can be used. Users are then asked whether and which data is to be shared with third parties, and through the OAuth 2 token the integrator gets access to the scope that the user chooses.

Control access to data - Authorization

A token only gives access to the data the user has access to. This applies regardless of whether the user listens or writes to MQTT or uses the REST API. Access is tied to the user (a person or a system) and the installations connected to that user. If API keys with higher permissions are used, what each key is allowed to do is set per key.
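
The authorization rule described above can be modelled as one decision function shared by every transport. This is an added sketch, not IoT Open's implementation: the topic layout `installations/<id>/...`, the credential strings and all function names are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical model; names, topic layout and sample data are constructed.
@dataclass(frozen=True)
class Credential:
    principal: str                                      # person or system
    actions: frozenset = frozenset({"read", "write"})   # set per key
    extra_installations: frozenset = frozenset()        # wider API-key scope

# principal -> installations connected to it (constructed sample data)
MEMBERSHIP = {"alice": {101, 102}, "reporting-svc": {101}}

# token or API key string -> credential (constructed sample data)
CREDENTIALS = {
    "tok-alice": Credential("alice"),
    "key-report": Credential("reporting-svc", frozenset({"read"})),
    "key-fleet": Credential("reporting-svc", frozenset({"read"}),
                            frozenset({102, 103})),
}

def installation_of(topic):
    """Return the installation id a topic or filter is pinned to, else None."""
    parts = topic.split("/")
    if len(parts) < 3 or parts[0] != "installations":
        return None
    ident = parts[1]
    # An MQTT wildcard ('+' or '#') in the id position would span
    # installations, so it is treated as not pinned and therefore denied.
    if not (ident.isascii() and ident.isdecimal()):
        return None
    return int(ident)

def authorize(secret, action, topic):
    """Single decision point: unknown credential or unpinned topic is denied."""
    cred = CREDENTIALS.get(secret)
    inst = installation_of(topic)
    if cred is None or inst is None:
        return False
    allowed = MEMBERSHIP.get(cred.principal, set()) | cred.extra_installations
    return action in cred.actions and inst in allowed

# Every transport calls the same check, so the answer cannot differ by API.
def mqtt_subscribe(secret, topic_filter):
    return authorize(secret, "read", topic_filter)

def mqtt_publish(secret, topic):
    return authorize(secret, "write", topic)

def rest_get(secret, installation_id):
    return authorize(secret, "read", f"installations/{installation_id}/status")
```

Wildcards below the installation id (for example `installations/101/sensors/#`) stay inside one installation and are allowed; a filter such as `installations/+/sensors/temp` is refused because it is not pinned to a single installation.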