3 web service api, 1 authentication – Campbell Scientific CR800 and CR850 Measurement and Control Systems User Manual
Page 355
Section 8. Operation
355
Scan
(1,Sec,0,0)
'In the case of the CR800 being the ModBus master then the
'ModbusMaster instruction would be used (instead of fixing
'the variables as shown between the BeginProg and SCAN instructions).
ModbusMaster
(Result,COMRS232,-115200,5,3,Register(),-1,2,3,100)
'MoveBytes(DestVariable,DestOffset,SourceVariable,SourceOffSet,
'NumberOfBytes)
MoveBytes
(Combo,2, Register_LSW,2,2)
MoveBytes
(Combo,0, Register_MSW,2,2)
NextScan
EndProg
8.6.3 Web Service API
The CR800 Web API (Application Programming Interface) is a series of URL
(p.
commands that manage CR800 resources. The API facilitates the following
functions:
• Data Management
o Collect data
• Control
o Set variables / flags / ports
• Clock Functions
o Set CR800 clock
• File Management
o Send programs
o Send files
o Collect files
The full command set is available in the most recent CR800 operating system (see
operating system
in the glossary). API commands are also used with Campbell
Scientific’s RTMC web server datalogger support software
(p. 76).
The following
documentation focuses on API use with the CR800. A full discussion of use of
the API commands with RTMC is available in CRBasic Editor Help, which is one
of several programs available for PC to CR800 support
(p. 76).
8.6.3.1 Authentication
The CR800 passcode security scheme described in the Security
(p. 70)
section is not
considered sufficiently robust for API use because,
1. the security code is plainly visible in the URI, so it can be compromised by
eavesdropping or viewing the monitor.
2. the range of valid security codes is 1 to 65534, so the security code can be
compromised by brute force attacks.
Instead, Basic Access Authentication, which is implemented in the API, should be
used with the CR800. Basic Access Authentication uses an encrypted user
account file, .csipasswd, which is placed on the CPU: drive of the CR800.