I would like to know how I can manage security for a client-side application (web app) in Watson IoT.
To send MQTT messages to devices, I have to use Application API keys. Since we cannot assign security rights based on username/password (like read/write access to the /user1 topic) as with a standard MQTT broker, how can I prevent users from sending commands to unauthorized devices?

I am trying to do something similar to this: StackOverflow - Amazon Client Side Application

rick07

1 Answer

If you are looking to limit a user to certain devices, you may want to map the user to an API key. Then you could build authorization logic in your JavaScript application.

For example, based on the API key:

  • subscribe to certain event topics "iot-2/type/device_type/id/device_id/evt/event_id/fmt/format_string"
  • subscribe to certain command topics "iot-2/type/device_type/id/device_id/cmd/command_id/fmt/format_string"
  • publish only to certain command topics "iot-2/type/device_type/id/device_id/cmd/command_id/fmt/format_string"
Mike T
  • My code will have authorization logic, so a user can send commands only to a specific device. The problem is that if someone gets access to the API key (by looking at the code or unpacking the mobile app), he can send commands to any device. But he cannot do this with the example above from Amazon AWS. – rick07 Dec 09 '16 at 17:57
  • Sorry, I misunderstood your question. You don't want to hard-code any credentials (API key / token). You will need – Mike T Dec 09 '16 at 21:03
  • .. You will need to use an external backend service to get the credentials – Mike T Dec 09 '16 at 21:05
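The approach the comments converge on (credentials kept on a backend, never in the client) as an added example that is not part of the original answer: a small Node.js gatekeeper that holds the application API key server-side and lets each authenticated user publish only to the command topics of devices mapped to that user, using the topic layout from the answer above. The ACL, user names, device ids and the injected `publish` function are constructed for this example.

```javascript
// Added example (not from the original post): server-side gatekeeper that keeps
// the Watson IoT application API key off the client and decides, per authenticated
// user, which command topics may be published to. ACL and users are constructed.
const ACL = {
  alice: [{ type: 'thermostat', id: 'th-100' }],
  bob:   [{ type: 'thermostat', id: 'th-200' }, { type: 'lock', id: 'lk-7' }],
};

// A topic segment must be exactly one topic level: no '/', no MQTT wildcards
// ('+', '#') and no whitespace. Otherwise a crafted request body could widen
// the topic the backend publishes to beyond the device the ACL checked.
function isValidSegment(s) {
  return typeof s === 'string' && s.length > 0 && !/[\/+#\s]/.test(s);
}

// Command topic layout quoted in the answer:
// iot-2/type/<device_type>/id/<device_id>/cmd/<command_id>/fmt/<format_string>
function buildCommandTopic({ type, id, commandId, format }) {
  return `iot-2/type/${type}/id/${id}/cmd/${commandId}/fmt/${format}`;
}

// True only if the user is mapped to this exact device (type and id).
function userMayCommand(acl, user, type, id) {
  return (acl[user] || []).some((d) => d.type === type && d.id === id);
}

// Backend request handler. `user` comes from the server's own session/auth
// layer (never from the request body); `publish` is the MQTT client that holds
// the application API key, injected here so the example runs offline.
function handleCommandRequest(acl, user, req, publish) {
  const { type, id, commandId, format, payload } = req;
  if (![type, id, commandId, format].every(isValidSegment)) {
    return { ok: false, status: 400, reason: 'invalid topic segment' };
  }
  if (!userMayCommand(acl, user, type, id)) {
    // Deny before touching the broker: the client never learns the key and
    // cannot reach devices outside its mapping even with a modified app.
    return { ok: false, status: 403, reason: 'device not authorized for user' };
  }
  const topic = buildCommandTopic({ type, id, commandId, format });
  publish(topic, payload);
  return { ok: true, status: 200, topic };
}
```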