In order to enrich the data in the dashboard, we need to send in some data that is only available on the device(s). We do however need to do this in a secure fashion. Here's how I am thinking this would work as of right now:
We create a new API end-point in the dashboard using DRF
We then do a simple POST to this end-point periodically from the device (TBD how we best run this)
While this all sounds simple, the devil is in the details. Credentials will be the trickiest part to solve, but here's how I'm currently envisioning it working:
We create a new authentication method for DRF that can take the RPI serial as the username and a token as the password
This set of credentials will only be able to update the status for itself (i.e. match on serial number)
We then create a Celery task that generates these sets for all devices
As part of the above Celery task, we also create a new environment variable for the particular device with the token (e.g. DASHBOARD_TOKEN).
If we ever wanted to rotate the credential for a given device, we simply remove the environment variable and the device Celery task will then auto-populate it again.
On the device side, we simply use the RPI serial and the new environment variable as the credentials when submitting the POST
In order to enrich the data in the dashboard, we need to send in some data that is only available on the device(s). We do however need to do this in a secure fashion. Here's how I am thinking this would work as of right now:
While this all sounds simple, the devil is in the details. Credentials will be the trickiest part to solve, but here's how I'm currently envisioning it working:
DASHBOARD_TOKEN
).