Authentication
UbiFunctions' URLs are publicly exposed. This means that anyone in possession of the URL path would be able to invoke your code.
To add an authentication layer to your function, you may add a preliminary step before execution in order to check the token inside the request.
Ubidots will automatically pass the content of the X-Auth-Token header as an argument of the function:
Request Header
Key inside Function
X-Auth-Token
TOKEN
See a Python example below:
1
import requests as rq
2
import json
3
​
4
'''
5
Returns True or False based on the validity of the token
6
'''
7
​
8
def account_auth(token):
9
​
10
response = {
11
200: True,
12
403: False
13
}
14
​
15
HOST = "https://industrial.api.ubidots.com"
16
PATH = "/api/v1.6/user_check/"
17
PARAMETERS = "?token={}".format(token)
18
URL = "{}{}{}".format(HOST, PATH, PARAMETERS)
19
​
20
r = rq.get(URL)
21
​
22
code = r.status_code
23
​
24
return response[code]
25
​
26
def main(args):
27
​
28
token = args.get("token", None)
29
​
30
if token is None:
31
return {"ERROR": "Missing token"}
32
​
33
valid = account_auth(token)
34
​
35
if valid is not True:
36
return {"ERROR": "Token not valid"}
Copied!
Please note that the function would still execute, even if the token is invalid, which would still count towards your usage. We are working on a new method to optionally authenticate a function the same way you'r authenticate any Ubidots API request.
Copy link