Is it possible to access /devices/connected from a device which is not the domain admin?


#1

As per the title is there a way to give such permission to a device?
Otherwise i find myself storing my admin credentials in a python script which is not really that safe.
I would rather “limit” a certain device to access certain topics so that in case of security flaw i can still fix it with my domain admin account.

Regards,


#2

Hello,

Currently, there is no way to configure a device with such permission.

A possible solution is to create a script that uses your admin credential to get a list of devices connected, but instead of using the information, it can publish that information to a certain topic in your HUB (with retain flag), so you can use that information from other devices without having admin rights.

You can optionally limit those devices that are able to receive this information by using filters associated to the topic where the information about connected devices will be published.

This way you can keep your admin credencials in a separate system/scripts/folder-permission from credencials used by rest of devices for regular tasks.

You can also use SCI auth to generate a token associated to your admin device to avoid disclosing your admin password (and also retaining the ability to change password without breaking your deployment):

Best Regards,


Last Will not working on my side
#3

Hello,
according to REST API to manage MyQttHub service there is no mention on how to use SCI auth.
From your link it seems like i can just change the Client-ID but the server is responding that the password field in the json body is needed.