How to Protect Your Devices with Your aREST API Key

How to Protect Your Devices with Your aREST API Key

aREST was made to make it as easy as possible to control devices remotely, with the minimum amount of configuration possible, and without requiring to create an account to connect your devices to the cloud. However, past the testing phase, it is a good idea to actually protect your devices with an API key to make sure only you can access them from anywhere in the world.

In this tutorial, we'll see how to actually do that with the ESP8266 WiFi chip as an example. However, this could apply to any platform that is compatible with aREST, like Arduino. We'll first see how to actually get the API key, how to use it when setting up your devices, and finally how to access a device that is protected by a key.


Why Protect Your Devices?

aREST gives you the possibility to really quickly connect your favourite devices (like the ESP8266) to the cloud, without having to register your devices or open an account. However, that case should be limited to testing purposes only as then anyone can access your devices given that they have your device ID. 

To prevent that, aREST has a system have API keys that can be used to lock your devices, making sure that nobody else can take the same device ID, but also that only you can access your devices as the API key is needed to send commands to a protected device.

Therefore, for any application where you will use aREST for everyday use (like home automation, remote monitoring, etc) I really recommend you to protect your devices using an API key. It also allows you to use some extra features of aREST, like storing events sent by your devices.

Getting Your aREST API Key

The first step to protect your devices via an API key is to actually create a free account on the aREST dashboard, that you can do by click here:

https://dashboard.arest.io/

Once you create an account, an API key will be automatically generated for you, that you can find inside the account section of the dashboard:

How to Protect Your Devices with Your aREST API Key

To learn more at this stage on how to learn how to use the aREST, I recommend checking our dedicated tutorial.

Using Your API Key in a Sketch

Using the API inside a sketch is actually really simple. For an Arduino IDE-compatible board, like an Arduino board or an ESP8266 board, you simply need to add this line inside the setup() function of the sketch:

Note that you can also define a device ID for your board, or just not set it so the aREST cloud platform generates one automatically for you. This is for example very useful if you need to deploy the same sketch on a large quantity of boards.

Once you set the key inside the sketch, you simply upload it on your board. Your device should then be visible inside the Devices tab in the dashboard:

How to Protect Your Devices with Your aREST API Key

Note that here I used an ESP8266, but this would work on any board compatible with aREST.

How to Control Devices with Your API Key

To end this tutorial, I now want to show you how your device is actually protected when using an API key. For that, I just configured an ESP8266 board with a standard aREST cloud sketch, and also by setting an API key. You can find more about how to configure a board for the aREST cloud access inside this tutorial.

Once the device is online, I tried to access it directly via the API, without providing any additional parameter:

How to Protect Your Devices with Your aREST API Key

As you can see, the cloud platform blocked the call, as I didn't provide any API. No information was returned about the device, and of course my command was not executed. Now let's do the same but this time providing the API key as a query parameter:

How to Protect Your Devices with Your aREST API Key

This time, it works as usual, returning information about the board as it should. 

With what you learned inside this tutorial, you can now use your API keys to protect your devices that you connect to the aREST cloud. As I mentioned before, I really recommend protecting your devices if you are using aREST for any projects that is outside the testing phase and that you will use regularly, so nobody else than you can access your devices.

Want to learn more about aREST?
If yes, join over 6,000 people who receive exclusive information about the aREST framework. You will also receive a free sample from my book, Discover the aREST Framework. Simply click on the button below!

Leave a Comment

Please enter your name.
Please enter your email.
Please enter your comment.
Haivo 16 days ago
Does this work with free account? My device works fine with url and device id but i cant see my device on my device list or cant get it work with API key when using ESP8266_cloud sketch. When i watch my account it dosnt show anything on "current plan" also other lines are 0/ nothing.
Reply
Please enter your name.
Please enter your email.
Please enter your comment.
Marco Schwartz Haivo 18 hours ago

Hi Haivo, it should indeed! Make sure to send us a message at [email protected] and someone will help you out with this :)

Amir 3 months ago
Hi Mario, I just noticed that the API key protects only the devices section and the shaboards section remains open to anyone who can access the link
Reply
Please enter your name.
Please enter your email.
Please enter your comment.
Marco Schwartz Amir 2 months ago
Hi, thanks for reporting that, we'll look into it!
Shares
How to Protect Your Devices with Your aREST API Key How to Protect Your Devices with Your aREST API Key How to Protect Your Devices with Your aREST API Key How to Protect Your Devices with Your aREST API Key How to Protect Your Devices with Your aREST API Key How to Protect Your Devices with Your aREST API Key
Someone from Israel
Recently signed up
3 months ago
Someone from Italy
Recently visited this page
18 hours ago
Someone from Italy
Recently visited this page
18 hours ago
Someone from Italy
Recently visited this page
18 hours ago
Someone from Ukraine
Recently visited this page
19 hours ago
Someone from Ukraine
Recently visited this page
19 hours ago