Plain, Non-Secure REST Interface

#1

Hi,
i want to connect some very simple devices to Losant, preferably with a simple HTTP-POST request. They don’t support SSL (or any other) encryption. Is there any support for this?

many thanks in advance,
Manfred

#2

Our REST interface requires HTTPS. The MQTT endpoint can be used without encryption, but I wouldn’t necessarily recommend it. For situations like this, I recommend using a local gateway - put a more powerful device that can do encryption between your simple device and Losant.

I’d recommend grabbing a Raspberry Pi and installing Nginx on it. The Nginx config would look something like this:

server {
  listen 8080;

  location / {
       proxy_pass https://api.losant.com;
  }
}

You can then connect your simple device to your Raspberry Pi on port 8080 and it will proxy all communications, securely, to Losant’s API. A single Raspberry Pi can likely support hundreds or thousands of devices connected to it when used like this.

We are developing an open-source gateway to solve this exact problem, but that won’t help you now. Our gateway is written in Node.js and we’ll be recommending a Raspberry Pi for the gateway device.

#3

Thank you for the quick reply. The point with the mentioned simple devices is, that they are very low-power and cheap, and a lot of them “in the wild”. But i’ll try both options. Thanks, again…

#4

As for low-power, inexpensive, wifi microcontrollers, we’ve had really good success with the ESP8266. It does support TLS encryption. You can pick up the modules for a couple of bucks each.

#5

Thanks again. Problem is, we already have this devices in use and they work with the GPRS network, so local proxying is not an option.

#6

Gotcha. I’d recommend trying the MQTT endpoint. MQTT is less overhead than HTTP anyway. The connect and publish calls require very little data.

#7

We have removed the automatic ssl redirect on the REST endpoint. You can now use that endpoint non-secure (although we don’t recommend it).

At a minimum, please ensure you are authenticating using device-level tokens, that way if your traffic is compromised, they can only masquerade as that single device.

1 Like
unlisted #8
listed #9