Differences

This shows you the differences between two versions of the page.

--- jsonpinterface [2013/08/07 12:09]
mysmartgrid
+++ jsonpinterface [2013/09/25 15:24] (current)
mysmartgrid [Security Considerations]
@@ Line 31: / Line 31: @@
-The response for the HTTP request performed by that tag contains JavaScript functions that return pairs of timestamps and values formatted as JSON arrays, as seen below.
+The response for the HTTP request performed by this //<script>// tag contains JavaScript functions that return pairs of timestamps and values formatted as JSON arrays, as seen below.
   function getDemoData(){
@@ Line 38: / Line 38: @@
-The URL informed in the //src// attribute must have the following structure:
+The URL informed in the //src// attribute of the //<script>// tag must have the following structure:
 **%%https://www.mysmartgrid.de%%/jsonp/sensor/**//<sensor id>//**?**//<parameters>//
@@ Line 53: / Line 53: @@
 | **end**          | First timestamp of the query period.     | Unix timestamp                 | Required if **start** is also informed. |
 | **interval**     | An alternative way of representing a standard period of time that ends right now, for example: the past 1 hour (60 min). | //hour//, //day//, //week// | Required only if **start** and **end** are not informed. Default: //hour// |
-| **token**        | The sensor authentication token.            | Please visit the [[https://www.mysmartgrid.de/sensor/mylist|sensors page]] | Mandatory |
+| **token**        | The sensor authentication token.            | Please visit the [[https://www.mysmartgrid.de/sensor/mylist|sensors page]] | Required if your website domain is not authorized to query the sensor measurements. See security considerations below. |
 | **data_function** | The name of the JavaScript function that your code will be able to call in order to get the measurements. | A JavaScript function name. | Optional, default: //get<sensor id>// |
 | **callback_function** | The name of the JavaScript function from your code that will be called, passing the measurements array as argument. | A JavaScript function name. | Optional |
@@ Line 93: / Line 93: @@
 ==== Security Considerations ====
-The token grants you access to the sensor. Everyone who knows the token can also see your sensor values, so you must protect it. As you can see above, our API only works via HTTPS. In order to protect the token you should not expose it to others, i.e. by embedding the JavaScript from above in unencrypted HTML pages of your application.
+The token grants you access to the sensor. Everyone who knows the token can also query your sensor values, so you must protect it. As you can see above, our API only works via HTTPS. In order to protect the token you should not expose it to others, i.e. by embedding the JavaScript from above in unencrypted HTML pages of your application.
+If you do **not** want to expose the token to the user, please go to the [[https://www.mysmartgrid.de/sensor/mylist|sensors page]], edit the sensor, and enter your website domain in the list of domains authorized to query the sensor. After that, mySmartGrid will authorize any query originated from a page loaded from your domain, so that you can omit the token argument from the HTTP request. Click [[https://www.mysmartgrid.de/sites/all/modules/logger/demo-chart-domain.html|here]] to see an example.
+At the moment, this feature is available only for some users. If you want to use it, please send an email to [[msg-support@itwm.fraunhofer.de]].
-We intend to replace the token by an application-specific token in the future. This app-token will simply replace the access token from above but will be issued on a per-app basis. This will allow a mySmartGrid user to delete an application's access from his data by simply revoking the corresponding app-token.

MySmartGrid Developer Wiki

User Tools

Site Tools

Differences

Page Tools