3 web service api, 1 authentication – Campbell Scientific CR3000 Micrologger User Manual
Page 377
Section 8. Operation
377
Scan
(1,Sec,0,0)
'In the case of the CR3000 being the ModBus master then the
'ModbusMaster instruction would be used (instead of fixing
'the variables as shown between the BeginProg and SCAN instructions).
ModbusMaster
(Result,COMRS232,-115200,5,3,Register(),-1,2,3,100)
'MoveBytes(DestVariable,DestOffset,SourceVariable,SourceOffSet,
'NumberOfBytes)
MoveBytes
(Combo,2, Register_LSW,2,2)
MoveBytes
(Combo,0, Register_MSW,2,2)
NextScan
EndProg
8.6.3 Web Service API
The CR3000 Web API (Application Programming Interface) is a series of URL
(p.
commands that manage CR3000 resources. The API facilitates the following
functions:
• Data Management
o Collect data
• Control
o Set variables / flags / ports
• Clock Functions
o Set CR3000 clock
• File Management
o Send programs
o Send files
o Collect files
The full command set is available in the most recent CR3000 operating system
(see operating system
in the glossary). API commands are also used with
Campbell Scientific’s RTMC web server datalogger support software
(p. 76).
The
following documentation focuses on API use with the CR3000. A full discussion
of use of the API commands with RTMC is available in CRBasic Editor Help,
which is one of several programs available for PC to CR3000 support
(p. 76).
8.6.3.1 Authentication
The CR3000 passcode security scheme described in the Security
(p. 70)
section is
not considered sufficiently robust for API use because,
1. the security code is plainly visible in the URI, so it can be compromised by
eavesdropping or viewing the monitor.
2. the range of valid security codes is 1 to 65534, so the security code can be
compromised by brute force attacks.
Instead, Basic Access Authentication, which is implemented in the API, should be
used with the CR3000. Basic Access Authentication uses an encrypted user
account file, .csipasswd, which is placed on the CPU: drive of the CR3000.