You can use your Ubidots App as the host to your IoT resources (devices, and variables) and have a separate, external app (whether it’s web, desktop, or mobile) where your end users access those resources in a safe and controlled way, and without disclosing any Ubidots credentials, by using OAuth 2.0.
OAuth 2.0 is an authorization protocol designed with the aim of granting limited access to a set of resources within a web service (Ubidots, in this case). Just imagine the possibilities... You’ll be able to create your own apps for Android, iOS, or any web app, and deliver, transform and display this information for your end users as you see fit, just with a couple of requests.
Certainly, the process of creating your own app could be frustrating and potentially jeopardize the security of your Ubidots application. With OAuth 2.0 you can grant limited access to your users and refresh the access token whenever you want. To better understand the authorization flow, you can see the image below or visit this website.
Requirements
An active Ubidots account (Enterprise license and above).
1. How to use the OAuth 2.0 endpoints?
The OAuth 2.0 endpoints are available in this documentation. Follow the next steps to learn how to use the OAuth 2.0 endpoints.
Step 1: Open your terminal or the HTTP client of your preference.
Step 2: Make a POST request to the access token endpoint.
curl --location --request POST 'https://industrial.api.ubidots.com/o/token/' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=password' \
--data 'username=check' \
--data 'password=75904268leo' \
--data 'scope=read write' \
--data 'client_id=<Your-client-id>' \
--data 'client_secret= <Your-client-secret>' \
Step 3: Set the specific parameters established for this endpoint: username, password, client_id, and client_secret. You’ll get the following response.
IMPORTANT NOTE: The client_id and client_secret must be provided by the Ubidots support team. Please contact us at the following e-mail: support@ubidots.com.
Step 4: Make a POST request to the refresh token endpoint to refresh the respective access token.
curl --location --request POST 'https://leo-castellanos-98f30.iot.ubidots.com/o/token/' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data 'grant_type=refresh_token' \
--data 'refresh_token=ebirEYRFcpSh85PKq2fuo0G3DKBgie' \
--data 'client_id=<Your-client-id>' \
--data 'client_secret=<Your-client-secret>'\
Step 5: Set the specific parameters established for this endpoint: client_id, client_secret, domain, and refresh_token. You’ll get the following response.
IMPORTANT NOTE: The access token expires in 1 hour (3600 seconds), hence, it’s necessary to keep refreshing the access token of your user, if you want to keep the session alive.
Step 6: Test the endpoints available for the OAuth 2.0 authentication protocol. Please move to the OAuth 2.0 documentation to obtain more information about the endpoints allowed.
Step 7: Make a request using the access token provided.
curl —request GET \
--url 'https://industrial.api.ubidots.com/api/v2.0/devices' \
-H 'Authorization: Bearer <Access_Token>' | jq
ADDITIONAL NOTE: The users will have access to these endpoints depending on the permissions specified in the permission role of the user.