RPC Authentication and Resource Identification


#1

RPC Authorization

The RPC requires authentication for a client by using one of the following:
(per http://docs.exosite.com/rpc - 11/25/2014)

{"cik": CIK} authenticates as the client identified by the given CIK. This is the most common form.
{"cik": CIK, "client_id": RID} authenticates as the given client if the CIK identifies an ancestor (parent) of the given client.
{"cik": CIK, "resource_id": RID} authenticate as the owner of the given resource if the CIK identifies as an ancestor of the given resource.

So, to make an RPC call on a client (device for example) in the platform, you need it’s CIK -or- you need to be the owner client of that device client and call out the Resource Identifier for your client.

Example stack-up, lets assume you have the top CIK here:

Client (Portal for example) [Auth -> Self CIK]
|
~~ Client (Device) [Auth-> Self CIK or Parent CIK + Device RID]
       |
       ~~ Resource (Dataport)  [Auth ->Device CIK +  (RID or Alias)]

RPC Resource Identification

The Resource Identifier for many of the RPC calls can use RID or Alias of the resource (including clients).
http://docs.exosite.com/rpc/#identifying-resources

Example, if I had a dataport for holding temperature data, with an RID of 420000000000000000000 and it has an alias of 'temperature, I could use the following options for the ResourceID when making any RPC that required the resource ID.

  • “42000000000000000000000000000000”
  • {“alias”:“temperature”}

Let’s see what an ‘info’ call request would look like regarding a dataport:

{
    "auth": {"cik": "e469e336ff9c8ed9176bc05ed7fa40daaaaaaaaa"},
    "calls": [ { "procedure": "info", "arguments": [ {"alias":"temperature"}, {"basic": true,"description": true } ] }]
}

alternatively, I could use the following which would be identical:

{
    "auth": {"cik": "e469e336ff9c8ed9176bc05ed7fa40daaaaaaaaa"},
    "calls": [ { "procedure": "info", "arguments": ["42000000000000000000000000000000", {"basic": true,"description": true } ] }]
}

Now, if I was making an RPC call about a client and I was using the CIK of that client for authorization, then I have the following options for the ResourceID. Let’s say my RID of this Client is 240000000000000000000000000000000. Possible options for the ResourceID value are:

  • “240000000000000000000000000000000”
  • {“alias”:""}

That’s right- You can reference the client itself using alias of “”. This is true also in our Lua Scripting in the platform.

If I were to make an ‘info’ RPC call about the device client, it would look like this:

{
    "auth": {"cik": "e469e336ff9c8ed9176bc05ed7fa40daaaaaaaaa"},
    "calls": [ { "procedure": "info", "arguments": [ {"alias":""}, {"basic": true,"description": true } ] }]
}

What probably isn’t initially clear is that to specify the client itself as the resource, you can pass an empty string in for the alias, so that the ResourceID is {“alias”: “”} .