This page covers the security aspects of the EVRYTHNG Platform that matter to developers building apps and devices that integrate with it securely.

API Authentication

All requests to the EVRYTHNG API must be correctly authenticated using one of the two types of API key. Unauthenticated or incorrectly authenticated requests are refused.

See Authentication for more information on authenticating requests.

Roles and Permissions

Within an account shared by more than one actor, the role assigned to each actor determines which resources that actor can see and manipulate. Roles are assigned at the account level, and can only be created by the account administrator.

In addition, restrictive conditions can be assigned to actors to manage which particular resources they can see and interact with on a more granular level, based on a given resource attribute.

See Roles and Permissions for more information on using roles to control API access, and read about Restrictive Conditions to learn how to manage actors' access on a resource attribute basis.

Using CORS

To implement an entirely web-based solution (a JavaScript client without any server-based app), you need to be able to call our APIs, which are located on a different domain from the website. To make life easier for JavaScript developers, we support CORS, which allows client-side JavaScript to access our API directly with no need for server-side proxy code. CORS (Cross-Origin Resource Sharing) is the preferred standard technique for dealing with the same-origin policy.

Our API implements the full CORS spec including pre-flight requests. To use it simply access our API from the main domain:

CORS in Common Libraries

Most client-side libraries support CORS transparently. The example below uses jQuery to create a Thng directly from a client-side script:

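// Placeholders: the page does not show these values.
const API_URL = '<EVRYTHNG API URL for Thngs>';
const API_KEY = '<your API key>'; // readable by anyone who can load this script

const data = {
  name: 'Fridge',
  description: 'The fridge in the main kitchen',
  location: {
    latitude: 43.772828,
    longitude: 11.249488
  },
  properties: {
    temperature_celsius: 5
  },
  tags: [ 'demo' ]
};

// Cross-origin POST; jQuery and the browser handle CORS transparently.
$.ajax({
  url: API_URL,
  headers: { Authorization: API_KEY }, // API key sent in the Authorization header
  type: 'POST',
  contentType: 'application/json',
  data: JSON.stringify(data),
  success: console.log
});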
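
The pre-flight step mentioned above is invisible in the jQuery call, so the following added example (not part of the EVRYTHNG documentation) models it: it works out the OPTIONS request a browser sends before a cross-origin call and checks a pre-flight response against it. The function names, the sample request and the origin used to exercise it are assumptions for illustration, and the model is simplified to non-credentialed requests without header value-length checks or the response status check.

```javascript
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language']);
const SAFE_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'
]);

// True when the header is CORS-safelisted (value length/byte limits not modelled).
function isSafelisted(name, value) {
  const n = name.toLowerCase();
  if (n !== 'content-type') return SAFE_HEADERS.has(n);
  // Only the MIME essence counts; parameters such as charset are ignored.
  return SAFE_TYPES.has(String(value).split(';')[0].trim().toLowerCase());
}

// Returns the headers of the OPTIONS pre-flight, or null for a "simple" request.
function planPreflight({ method = 'GET', headers = {} }) {
  const m = method.toUpperCase();
  const unsafe = Object.keys(headers)
    .filter((name) => !isSafelisted(name, headers[name]))
    .map((name) => name.toLowerCase())
    .sort();
  if (SAFE_METHODS.has(m) && unsafe.length === 0) return null;
  const out = { 'Access-Control-Request-Method': m };
  if (unsafe.length) out['Access-Control-Request-Headers'] = unsafe.join(',');
  return out;
}

// Checks a pre-flight response (header names lower-cased) against the plan,
// for a request made without cookies or other browser-managed credentials.
function preflightAllows(plan, origin, res) {
  const split = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);
  const allowOrigin = res['access-control-allow-origin'];
  if (allowOrigin !== '*' && allowOrigin !== origin) return false;
  const method = plan['Access-Control-Request-Method'];
  const methods = split(res['access-control-allow-methods']);
  if (!SAFE_METHODS.has(method) && !methods.includes('*') && !methods.includes(method)) return false;
  const allowed = split(res['access-control-allow-headers']).map((h) => h.toLowerCase());
  // "*" never covers Authorization: the server must list it by name.
  return split(plan['Access-Control-Request-Headers']).every(
    (h) => allowed.includes(h) || (h !== 'authorization' && allowed.includes('*'))
  );
}

// Constructed sample: the shape of the jQuery request shown on this page.
const thngPost = {
  method: 'POST',
  headers: { Authorization: '<API key>', 'Content-Type': 'application/json' }
};
```

Because the Thng request carries an Authorization header and a JSON content type, `planPreflight(thngPost)` is never null: the browser always sends the OPTIONS request first, and the POST only goes out if the response passes the checks in `preflightAllows`.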