-
Notifications
You must be signed in to change notification settings - Fork 10
Home
Always when we encounter new IoT platform, first thing we ask for is transparency, security, portability and DX (yes, the Developer Experience; a new buzzword ©THiNX 2017). So we have decided to go on our own, open-source, public and completely transparent way. Our test WiFi AP's are public and you're free to use them with credentials disclosed in the source code.
We're striving to write secure code while giving it off to public scrutiny, we expect your inputs and we run regular dependency checks in order not to get flu from someone else. All the code is verified on CI using SourceClear, Sonarqube and others.
You can join us, if you are solving similar provlem.
This is second commit in order to start some documentation besides installation records for test server at http://thinx.cloud.
There are several things in need of documentation now, because there are takeovers between different platforms/environments/interfaces.
- Create account at our example THiNX server
- Get API Key
- Check out platform library and insert API Key
- Register the device
- Observer, attach, rebuild, update, notify...
List of all your devices incl. last checkin time, firmware version, etc.
Those are access keys for you and your devices. You can create as many keys as you like, preferably one per device. Most of the activities on API will be based on those access keys. Future ACL hierarchy extension is expected. Per-build API Key rotation feature is coming soon.
Add your GIT repositories with sources. In case the repositories are private, add a key in the RSA Keys section to access them securely.
Add your RSA keys for secure read-only access to your private git repositories.
Key-value based environment strings you define will be injected as variables to your source-code of the language you prefer. You can use this to inject SSID and PASSWORD of your WiFi (and even API Keys will be done like this soon) in case you don't want to store those in the GIT repository (e.g. your repo is public).
Personal details. Nobody expects those to be true. Your account is activated based on e-mail and that's enough. You can use any name, any avatar, nobody cares and all the data are kept as secure as possible anyway, because that's how we do it.
However, it enables you to enter your phone number and get in touch with us directly as a developer. Additionaly it provides Notification settings (we don't send any notifications at all, but seriously, we need a consent in case we'd actually need to do that).