{"__v":18,"_id":"556741e97acd550d0075eace","category":{"__v":2,"_id":"556741d17acd550d0075eaca","pages":["556741e97acd550d0075eace","5567445f77c15523002fd57f"],"project":"5564f26a1fd04c0d00dc9aaa","version":"5564f26a1fd04c0d00dc9aad","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-05-28T16:26:57.533Z","from_sync":false,"order":1,"slug":"security","title":"Security"},"parentDoc":null,"project":"5564f26a1fd04c0d00dc9aaa","user":"5564f227f0f70f0d00a9ab20","version":{"__v":15,"_id":"5564f26a1fd04c0d00dc9aad","project":"5564f26a1fd04c0d00dc9aaa","createdAt":"2015-05-26T22:23:38.671Z","releaseDate":"2015-05-26T22:23:38.671Z","categories":["5564f26b1fd04c0d00dc9aae","556741d17acd550d0075eaca","556741d87acd550d0075eacb","556742f87acd550d0075ead1","556781cd6976ef0d0099c545","5568d666d33aad0d00ec8d2e","557f6b2d38249b0d00d0d12b","55b67be9c2e909190073ed38","564e56c601e80e0d00396684","56731b714b2a680d00524daf","573612ac652bd80e00a90027","57365e2cf8ebd31700769f50","57366131f8ebd31700769f58","573b93514e029d19000b8669","573bbfdb7ac6f6170033bd35"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-05-28T16:27:21.456Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":0,"body":"Meshblu gives you the ability to secure access to registered devices by allowing a device to have configured permission whitelists. The lists will contain the UUIDs of devices that will be granted access or banned from communicating with the secured device.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Identification\"\n}\n[/block]\nThe primary means of identifying a device is by a UUID and a Token. The UUID and Token are created on device registration. When connecting to Meshblu, devices will be authenticated with their UUID and Token.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"> POST /authenticate HTTP/1.1\\n> User-Agent: curl/7.39.0\\n> Host: meshblu.octoblu.com\\n> Accept: */*\\n> X-MESHBLU-UUID: 022faeec-84da-47ee-a2b8-bc68a87863a1\\n> X-MESHBLU-TOKEN: 5edfd22157e3f4fbe5281461c3e1a28f0e8a1782\\n>\\n< HTTP/1.1 204 No Content\\n< Access-Control-Allow-Origin: *\\n< Date: Wed, 18 May 2016 01:34:17 GMT\\n< Etag: W/\\\"4-N6YlnMDB2uKZp4Zkid/wvQ\\\"\\n< X-Meshblu-Code: 204\\n< X-Meshblu-Response-Id: 2ea90542-9a71-4879-85b3-4373ea353244\\n< X-Meshblu-Status: No Content\\n< X-Powered-By: Express\",\n      \"language\": \"http\"\n    }\n  ]\n}\n[/block]\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Ownership\"\n}\n[/block]\nWhen a device doesn't have an owner, it is in an unclaimed (public) state. The device and its properties are searchable by authenticated resources on the same network. The device can then be claimed (see the claim API). Once a device is claimed (owned), it will not be visible publicly except to the owner of the device. Setting the `owner` property of a device to a UUID will grant that UUID full access to the device.\n[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"Deprecation Warning\",\n  \"body\": \"The special meaning of `owner` will be removed in a future version of Meshblu. Whitelists will be the exclusive means of configuring device access.\"\n}\n[/block]\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Whitelists\"\n}\n[/block]\nYou can control different access levels to your device by using the various whitelist properties.\nSee [Whitelists 2.0](doc:whitelists-2-0) for more details.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/2sDhWL7MSMWWbngKI9pk_Message%20Allowed.svg\",\n        \"Message Allowed.svg\",\n        \"0\",\n        \"0\",\n        \"#323232\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\nIn the above scenario `Device A` will allow `Device B` to send it messages by including `Device B` in the `message.from` whitelist.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/KvCibNYQpq9Guxmt2Xl7_Message%20Denied.svg\",\n        \"Message Denied.svg\",\n        \"0\",\n        \"0\",\n        \"#323232\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\nIn the above scenario `Device A` will not allow `Device B` to send it messages, since only `Device C` is in the `message.from` whitelist.","excerpt":"Information on device security","slug":"security","type":"basic","title":"How It Works"}

How It Works

Information on device security

Meshblu gives you the ability to secure access to registered devices by allowing a device to have configured permission whitelists. The lists will contain the UUIDs of devices that will be granted access or banned from communicating with the secured device. [block:api-header] { "type": "basic", "title": "Identification" } [/block] The primary means of identifying a device is by a UUID and a Token. The UUID and Token are created on device registration. When connecting to Meshblu, devices will be authenticated with their UUID and Token. [block:code] { "codes": [ { "code": "> POST /authenticate HTTP/1.1\n> User-Agent: curl/7.39.0\n> Host: meshblu.octoblu.com\n> Accept: */*\n> X-MESHBLU-UUID: 022faeec-84da-47ee-a2b8-bc68a87863a1\n> X-MESHBLU-TOKEN: 5edfd22157e3f4fbe5281461c3e1a28f0e8a1782\n>\n< HTTP/1.1 204 No Content\n< Access-Control-Allow-Origin: *\n< Date: Wed, 18 May 2016 01:34:17 GMT\n< Etag: W/\"4-N6YlnMDB2uKZp4Zkid/wvQ\"\n< X-Meshblu-Code: 204\n< X-Meshblu-Response-Id: 2ea90542-9a71-4879-85b3-4373ea353244\n< X-Meshblu-Status: No Content\n< X-Powered-By: Express", "language": "http" } ] } [/block] [block:api-header] { "type": "basic", "title": "Ownership" } [/block] When a device doesn't have an owner, it is in an unclaimed (public) state. The device and its properties are searchable by authenticated resources on the same network. The device can then be claimed (see the claim API). Once a device is claimed (owned), it will not be visible publicly except to the owner of the device. Setting the `owner` property of a device to a UUID will grant that UUID full access to the device. [block:callout] { "type": "warning", "title": "Deprecation Warning", "body": "The special meaning of `owner` will be removed in a future version of Meshblu. Whitelists will be the exclusive means of configuring device access." } [/block] [block:api-header] { "type": "basic", "title": "Whitelists" } [/block] You can control different access levels to your device by using the various whitelist properties. See [Whitelists 2.0](doc:whitelists-2-0) for more details. [block:image] { "images": [ { "image": [ "https://files.readme.io/2sDhWL7MSMWWbngKI9pk_Message%20Allowed.svg", "Message Allowed.svg", "0", "0", "#323232", "" ] } ] } [/block] In the above scenario `Device A` will allow `Device B` to send it messages by including `Device B` in the `message.from` whitelist. [block:image] { "images": [ { "image": [ "https://files.readme.io/KvCibNYQpq9Guxmt2Xl7_Message%20Denied.svg", "Message Denied.svg", "0", "0", "#323232", "" ] } ] } [/block] In the above scenario `Device A` will not allow `Device B` to send it messages, since only `Device C` is in the `message.from` whitelist.