New Agent URL

Is there any easy way to get a new agent URL?

The reason I am asking is because I am trying to make a system that will be easy for others to use, and it only requires one mistake from me for others to have the url to my imp… Would be nice to know what to do before anything like that happens. :slight_smile:

I don’t think so. Your URL is bound to your device (impee), not to your Imp, so I have understood, because your URL doesn’t change when you change imps.

The URL is bound to the ID chip on the board the impee goes into, I know that. But I don’t see why it should not be possible to assign a new url to that ID. And maybe it is too, I suspect Hugo will pop in here in not too long and explain it. :wink:

I don’t think the url is assigned, but calculated based on that ID, so I still don’t believe it’s easy to change that, because you’ll have to change the formula.
But maybe I’m wrong.

I’ll jump in and speculate a bit with @DolfT while you’re awaiting an EI response.

I’m going to guess that even if the agent URL could be changed (also guessing there’s no reason it couldn’t), I’m not sure this is a situation EI would want to deal with. It just adds another layer of complexity/administration that I’m not sure is necessary.

I’m thinking the way I might work around your concerns is to just include some sort of URL redirect mechanism on your side. You could come up with any sort of user URL you might want for your project, which would redirect to the ‘hidden/secure’ agent URL (either via your server or perhaps a small script file). If your user URL was then ever compromised, you could just change this w/o needing any agent-side change.

Anyway, I’d have to think thru in more detail exactly how I’d go about this, and security implications related to a redirect, but this is the general strategy I think I would likely try to explore … i.e. shoulder the burden of the URL redirect without trying to make any agent related changes.

Again, just my .02c.

Hiding the URL from direct access is not a problem, that is what I already do, the problem is that it is that system I am working on and want to share with others.

Everything goes through a PHP file that does all the communication from the user to the imp, people don’t even see what is being transferred, the only thing they can find is an id and the PHP file. That id is then looked up in a database and depending on what is in there, a string will be generated and it will then be transferred to the imp.

The chance of me screwing up is small, because the URL is not even hard coded in any of the files, it is also put inside the database.

And now when I am at it (to maybe give more understanding of what is going on, and maybe awake some interests), I will tell a bit more about the system.

The system is actually just a web page, which is designed to be accessed from a phone. On that page there will be sub-pages, could be Kitchen, Garage, Living room, Whatever…

On each of those pages there can be buttons, switches, displays (just showing a number from the database or somewhere else).

To set that up a node is created in the database, when creating this node you give it a name, insert the URL, and set what type it is (the system can handle more than just electric imp).

After that you create a switch/button/display, give it a name, assign a node to that switch, set a pin number, and if it is a button, set how many times it should pulse the pin and with what delay.

The last thing to do is to create those sub-pages, here the switches/buttons/displays are assigned to the page, and that’s it.

When any switch or button is pressed, it will look in the database and generate the string needed to be sent, to make it do what is set in the action, and then do the call to make things happen.

So I only set the URL once in my database, make a php file that will be able to set up the database on another system, and then it should not be needed for me to ever have to put the url into anything again… BUT, even when the chance is small, I might be up all night and do some silly things, and this is why I what I do, in case I forget to think.

It sounds like you’re using the agent URL as a form of security. You could have the agent listen for a specific path as a password, which you could change at a later time via code.

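```
function mywebserver(request, res) {
    // The request path acts as a password that can be changed in code later.
    if (request.path == "/mypassword") {
        local data = "<HTML><BODY BGCOLOR=\"lime\">";
        data += "Password Matches";
        data += "</BODY></HTML>";
        res.send(200, data);
    } else {
        // Any other path is rejected with a 404 status.
        local data = "<HTML><BODY BGCOLOR=\"red\">";
        data += "Page not found.";
        data += "</BODY></HTML>";
        res.send(404, data);
    }
}

// Register the handler for incoming HTTP requests to the agent.
http.onrequest(mywebserver);
```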

It is a part of the security, it is not the only security in place, but exposing it by accident removes the first layer of protection, and I would like to stop everyone already at that point.

As others have noted, the agent URLs depend on several things including the device ID, user account, etc. The same device on another account will have a different URL.

Using HTTPS to access the agent will not expose the URL anywhere in plaintext, however having a semi-secret URL is not really security and you should implement some authentication on top of it - this is why we have things like HMAC SHA1 APIs.
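A sketch of the authentication layer the last reply recommends, added here as an example and not code from the thread or from Electric Imp: the web front end signs each request with HMAC-SHA1 and the agent verifies it, so a leaked agent URL alone grants nothing and the key can be rotated without needing a new URL. It is written in Python to model both sides in one runnable file; the header names, secrets and request values are constructed assumptions.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds a signed request stays acceptable


def sign_request(secret: bytes, path: str, body: bytes, timestamp: int) -> str:
    """Caller side (the web front end): HMAC-SHA1 over timestamp, path and body."""
    message = f"{timestamp}\n{path}\n".encode() + body
    return hmac.new(secret, message, hashlib.sha1).hexdigest()


def verify_request(secret, path, body, headers, now, seen) -> int:
    """Agent side: return the HTTP status to send back.

    x-timestamp and x-signature are hypothetical header names for this example.
    """
    ts = headers.get("x-timestamp", "")
    sig = headers.get("x-signature", "")
    if not (ts.isascii() and ts.isdigit() and sig):
        return 401                      # unsigned: knowing the URL is not enough
    if abs(now - int(ts)) > MAX_SKEW:
        return 401                      # too old (or too far in the future)
    expected = sign_request(secret, path, body, int(ts))
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return 401                      # wrong key, or path/body was altered
    if sig in seen:
        return 401                      # exact replay of an accepted request
    seen.add(sig)
    return 200


def demo() -> dict:
    """Run constructed requests against the verifier and collect the statuses."""
    secret, rotated = b"constructed-secret-v1", b"constructed-secret-v2"
    path, body, now, seen = "/switch", b'{"pin": 5, "state": 1}', 1_700_000_000, set()
    hdrs = {"x-timestamp": str(now), "x-signature": sign_request(secret, path, body, now)}
    old = now - 3600
    stale = {"x-timestamp": str(old), "x-signature": sign_request(secret, path, body, old)}
    return {
        "url_only": verify_request(secret, path, body, {}, now, seen),
        "signed": verify_request(secret, path, body, hdrs, now, seen),
        "replayed": verify_request(secret, path, body, hdrs, now, seen),
        "tampered": verify_request(secret, path, b'{"pin": 5, "state": 0}', hdrs, now, seen),
        "stale": verify_request(secret, path, body, stale, now, seen),
        "after_rotation": verify_request(rotated, path, body, hdrs, now, set()),
    }


if __name__ == "__main__":
    print(demo())
```

The `seen` set only has to remember signatures for `MAX_SKEW` seconds, since older requests are already rejected by the timestamp check.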