3 web service api, 1 authentication – Campbell Scientific CR1000 Measurement and Control System User Manual
Page 372
Section 8. Operation
372
Scan
(1,Sec,0,0)
'In the case of the CR1000 being the ModBus master then the
'ModbusMaster instruction would be used (instead of fixing
'the variables as shown between the BeginProg and SCAN instructions).
ModbusMaster
(Result,COMRS232,-115200,5,3,Register(),-1,2,3,100)
'MoveBytes(DestVariable,DestOffset,SourceVariable,SourceOffSet,
'NumberOfBytes)
MoveBytes
(Combo,2, Register_LSW,2,2)
MoveBytes
(Combo,0, Register_MSW,2,2)
NextScan
EndProg
8.6.3 Web Service API
The CR1000 Web API (Application Programming Interface) is a series of URL
(p.
commands that manage CR1000 resources. The API facilitates the following
functions:
• Data Management
o Collect data
• Control
o Set variables / flags / ports
• Clock Functions
o Set CR1000 clock
• File Management
o Send programs
o Send files
o Collect files
The full command set is available in the most recent CR1000 operating system
(see operating system
in the glossary). API commands are also used with
Campbell Scientific’s RTMC web server datalogger support software
(p. 77).
The
following documentation focuses on API use with the CR1000. A full discussion
of use of the API commands with RTMC is available in CRBasic Editor Help,
which is one of several programs available for PC to CR1000 support
(p. 77).
8.6.3.1 Authentication
The CR1000 passcode security scheme described in the Security
(p. 70)
section is
not considered sufficiently robust for API use because,
1. the security code is plainly visible in the URI, so it can be compromised by
eavesdropping or viewing the monitor.
2. the range of valid security codes is 1 to 65534, so the security code can be
compromised by brute force attacks.
Instead, Basic Access Authentication, which is implemented in the API, should be
used with the CR1000. Basic Access Authentication uses an encrypted user
account file, .csipasswd, which is placed on the CPU: drive of the CR1000.