Access Token for the API


First of all: has a really nice WebUi and is very functional. Well done :+1:

Would it be possible to add a (optional) “Access Token/Authentication” function to the API in order to prevent unauthorized data submission?

Thank you :slight_smile:


1 Like

Just wondering, why are you asking about this?

Are you worried that someone would be submitting false information on your behalf?
Do you think this might already be happening in the sensor network?
Or are you worried in a general sense about a lack of authorization?

I am running a LoRaWAN forwarder. My forwarder is basically doing that, impersonating several nodes on behalf of actual nodes, without actually being a node itself. I saw that the firmware has an option to use https towards the server to verify the server is authentic, however without any authentication of the node itself and have been wondering about this somewhat strange security scheme.

Well, I was searching for the api key (in order to submit sensor data using my RasPi), but then noticed that the api does not require an api key at all. OpenSenseMap (for example) has the option to enable the api key functions.

1 Like

there is no need to create access token or anything like that. Sensor UID, which you have to came out yourself acts like password. So don’t share sensor uid with anyone and no one will submits any data unauthorized :slight_smile:

1 Like


Thanks for the reply :-).

sensor UID is the ChipID of the NodeMCU or something else?

The serial (ChipID) is public accessible via

But i may be wrong…

these are two different thinks. Why you don’t register one sensor and check: