How to auth client when using websocket or restful api?


#1

Hi,I had read the FlytAPI document api.flytbase.com, but i didn’t find any api used for
authenticate client.
Is there any way to authenticate the client request from remote server for security?


#2

Please checkout the Beginner Guide on FlytBase Cloud and its APIs. The guide should help you understand the Auth Method used in FlytCloud APIs.

For APIs exposed via FlytCloud, we use Token based authentication to verify the authenticity of the API call.
For APIs exposed in LAN using a local web server, there is no authentication layer as of this moment, as we expect anonymous user will not get access to the LAN in the first place. We are anyway in the process of implementing a ‘Basic Authentication’ for this route as well.

The reason you didn’t find auth details, is because the API guide is for Local Network calls, which as mentioned above, doesn’t have auth layer yet. Except for the Auth Header, there is absolutely no difference in APIs exposed via FlytCloud and local LAN.


#3

Thanks for your replay. But if the drone has a public IP such as 8.8.8.8, how to protect it from attacts?
And the flytconsole didn’t need login,Is there any measure of security protection?


#4

Hi @chen_log,

Right now it is indeed open for attack.
We are working on adding a security layer, but I don’t have a release date of the feature yet.

In the meantime, please set firewall in RPi and allow port 80 access to your own local IP.


#5

OK, Thanks for you help.