How to Protect Your Devices with Your aREST API Key
Last Update: Tue, May 23 2023
aREST was made to make it as easy as possible to control devices remotely, with the minimum amount of configuration possible, and without requiring to create an account to connect your devices to the cloud. However, past the testing phase, it is a good idea to actually protect your devices with an API key to make sure only you can access them from anywhere in the world.
In this tutorial, we'll see how to actually do that with the ESP8266 WiFi chip as an example. However, this could apply to any platform that is compatible with aREST, like Arduino. We'll first see how to actually get the API key, how to use it when setting up your devices, and finally how to access a device that is protected by a key.
Why Protect Your Devices?
aREST gives you the possibility to really quickly connect your favourite devices (like the ESP8266) to the cloud, without having to register your devices or open an account. However, that case should be limited to testing purposes only as then anyone can access your devices given that they have your device ID.
To prevent that, aREST has a system have API keys that can be used to lock your devices, making sure that nobody else can take the same device ID, but also that only you can access your devices as the API key is needed to send commands to a protected device.
Therefore, for any application where you will use aREST for everyday use (like home automation, remote monitoring, etc) I really recommend you to protect your devices using an API key. It also allows you to use some extra features of aREST, like storing events sent by your devices.
Getting Your aREST API Key
The first step to protect your devices via an API key is to actually create a free account on the aREST dashboard, that you can do by click here:
Once you create an account, an API key will be automatically generated for you, that you can find inside the account section of the dashboard:
To learn more at this stage on how to learn how to use the aREST, I recommend checking our dedicated tutorial.
Using Your API Key in a Sketch
Using the API inside a sketch is actually really simple. For an Arduino IDE-compatible board, like an Arduino board or an ESP8266 board, you simply need to add this line inside the setup() function of the sketch:
Note that you can also define a device ID for your board, or just not set it so the aREST cloud platform generates one automatically for you. This is for example very useful if you need to deploy the same sketch on a large quantity of boards.
Once you set the key inside the sketch, you simply upload it on your board. Your device should then be visible inside the Devices tab in the dashboard:
Note that here I used an ESP8266, but this would work on any board compatible with aREST.
How to Control Devices with Your API Key
To end this tutorial, I now want to show you how your device is actually protected when using an API key. For that, I just configured an ESP8266 board with a standard aREST cloud sketch, and also by setting an API key. You can find more about how to configure a board for the aREST cloud access inside this tutorial.
Once the device is online, I tried to access it directly via the API, without providing any additional parameter:
As you can see, the cloud platform blocked the call, as I didn't provide any API. No information was returned about the device, and of course my command was not executed. Now let's do the same but this time providing the API key as a query parameter:
This time, it works as usual, returning information about the board as it should.
With what you learned inside this tutorial, you can now use your API keys to protect your devices that you connect to the aREST cloud. As I mentioned before, I really recommend protecting your devices if you are using aREST for any projects that is outside the testing phase and that you will use regularly, so nobody else than you can access your devices.In this tutorial, we'll see how to actually do that with the ESP8266 WiFi chip as an example. However, this could apply to any platform that is compatible with aREST, like Arduino. We'll first see how to actually get the API key, how to use it when setting up your devices, and finally how to access a device that is protected by a key.