Plain, Non-Secure REST Interface

Hi,
I want to connect some very simple devices to Losant, preferably with a simple HTTP-POST request. They don’t support SSL (or any other) encryption. Is there any support for this?

Many thanks in advance,
Manfred

Our REST interface requires HTTPS. The MQTT endpoint can be used without encryption, but I wouldn’t necessarily recommend it. For situations like this, I recommend using a local gateway - put a more powerful device that can do encryption between your simple device and Losant.

I’d recommend grabbing a Raspberry Pi and installing Nginx on it. The Nginx config would look something like this:

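server {
  # Plain HTTP listener that the simple devices connect to.
  listen 8080;

  location / {
    # Forward every request to Losant's API over HTTPS.
    proxy_pass https://api.losant.com;
  }
}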

You can then connect your simple device to your Raspberry Pi on port 8080 and it will proxy all communications, securely, to Losant’s API. A single Raspberry Pi can likely support hundreds or thousands of devices connected to it when used like this.

We are developing an open-source gateway to solve this exact problem, but that won’t help you now. Our gateway is written in Node.js and we’ll be recommending a Raspberry Pi for the gateway device.
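An added example, not part of the original posts or Losant's own configuration: the gateway config from the reply above with upstream certificate verification and SNI switched on, and the plaintext listener restricted to the local network. The listen address 192.168.1.10, the 192.168.1.0/24 device subnet and the CA bundle path (the Debian / Raspberry Pi OS default) are assumptions.

```nginx
server {
  # Assumed LAN address of the Pi: bind the plaintext port to that
  # interface only instead of every interface on the gateway.
  listen 192.168.1.10:8080;

  # Assumed device subnet: nothing else may relay through the gateway.
  allow 192.168.1.0/24;
  deny all;

  location / {
    proxy_pass https://api.losant.com;

    # nginx does not send SNI or verify the upstream certificate
    # unless told to, so an HTTPS proxy_pass alone does not
    # authenticate the server on the other end.
    proxy_ssl_server_name on;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 3;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    proxy_ssl_protocols TLSv1.2 TLSv1.3;
  }
}
```

The hop between the device and the Pi is still plaintext, so any token a device sends is readable on that local network segment; only the Pi-to-Losant leg is encrypted and authenticated.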

Thank you for the quick reply. The point with the mentioned simple devices is that they are very low-power and cheap, and a lot of them are “in the wild”. But I’ll try both options. Thanks, again…

As for low-power, inexpensive, wifi microcontrollers, we’ve had really good success with the ESP8266. It does support TLS encryption. You can pick up the modules for a couple of bucks each.

Thanks again. Problem is, we already have these devices in use and they work with the GPRS network, so local proxying is not an option.

Gotcha. I’d recommend trying the MQTT endpoint. MQTT is less overhead than HTTP anyway. The connect and publish calls require very little data.

We have removed the automatic ssl redirect on the REST endpoint. You can now use that endpoint non-secure (although we don’t recommend it).

At a minimum, please ensure you are authenticating using device-level tokens, that way if your traffic is compromised, they can only masquerade as that single device.
