TinyGateway How To?

How to Secure the connection to the BlueUp TinyGateways?

Security is often the main concern in customer projects, so it is essential to protect your devices from unauthorized third-party access.
The BlueUp TinyGateways can be accessed in 3 different ways:

  1. Through the web interface - the web interface is protected by a password (blueup by default). In the web interface the user can manage and change the default settings of the gateway and check for gateway updates.
  2. Via HTTP APIs - with the exception of the /api/system/ping call, every API invocation requires an authorization header. If the "X-Authorization" header is not set, the device always returns the HTTP status code: 401 Unauthorized.
    The value of the X-Authorization key is the SHA256 Hash of the device password.
  3. Via MQTT broker - if remote management is enabled, the user can control the gateway by calling the gateway APIs over MQTT.

The simplest way to protect your device is to set a secure password for the gateway. This way, only people who know the new password can access and manage the gateway.

Change the password from the web interface

Once logged in to the web interface, press Menu in the upper-right corner and select Change password. A popup dialog will appear where you can replace the current password with a new one.


Change the password via HTTP APIs

With the exception of the call /api/system/ping, every API invocation requires an authorization header, where the value of the "X-Authorization" key is the SHA256 Hash of the device password.
To change the TinyGateway default password through the APIs, follow the steps below.

  1. Make a POST request to /api/system/config/password with the X-Authorization header set to the SHA256 hash of the current password (initially ac48c6b9af4312edad68c6535c223bfb7bf8c5f0dc54890fbe60fa34e4ae5ba3, which corresponds to blueup).
    The JSON body contains the encoded new password:
    { 
        "psw": "base64(\"new-pass:SHA256(new-pass)\")" 
    }
    
    Example: To set the password to mySecret, the value of the "psw" field will be bXlTZWNyZXQ6ZDBiZTczMzQyOTQzMmY3ZjAwZDQyNWUxYWIwMDM0MTJhZmE3NWQ0MWZlMjgwZDhiYjJlYjNlODJmZWZjNTZiNg== which is the Base64 encoding of the string mySecret:d0be733429432f7f00d425e1ab003412afa75d41fe280d8bb2eb3e82fefc56b6.
  2. Reboot the device with a POST request to /api/system/reboot, with the X-Authorization header set to the SHA256 hash of the current password.
    After the reboot, the new configuration and the new password will be active.
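
The two API steps above as an added Python example (not BlueUp's own code): it derives the X-Authorization value and the "psw" field, then builds both POST requests without sending them. The base URL, the http scheme, UTF-8 password encoding, the JSON Content-Type, the empty reboot body and the rejection of ':' in passwords are assumptions of this example.

```python
import base64
import hashlib
import json
import urllib.request


def auth_header(password: str) -> str:
    """X-Authorization value: hex SHA256 of the device password (UTF-8 assumed)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def psw_field(new_password: str) -> str:
    """Build the "psw" value: base64("new-pass:SHA256(new-pass)")."""
    if new_password == "blueup":
        raise ValueError("new password must differ from the default")
    if ":" in new_password:
        # The page does not say how a ':' inside the password is parsed,
        # so this example rejects it rather than guess.
        raise ValueError("':' would make the psw field ambiguous")
    joined = f"{new_password}:{auth_header(new_password)}"
    return base64.b64encode(joined.encode("utf-8")).decode("ascii")


def build_requests(base_url: str, current_password: str, new_password: str):
    """Return the unsent (change-password, reboot) POST requests, in order."""
    # The header is a fixed hash of the password, so handle it like the
    # password itself: keep it out of logs and shell history.
    auth = {"X-Authorization": auth_header(current_password)}
    body = json.dumps({"psw": psw_field(new_password)}).encode("utf-8")
    change = urllib.request.Request(
        base_url + "/api/system/config/password", data=body, method="POST",
        headers={**auth, "Content-Type": "application/json"})  # type: assumed
    # Both calls authenticate with the current password: the new one only
    # becomes active after the reboot. Empty reboot body is an assumption.
    reboot = urllib.request.Request(
        base_url + "/api/system/reboot", data=b"", method="POST", headers=auth)
    return change, reboot


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder, not a real gateway address.
    change, reboot = build_requests("http://192.0.2.10", "blueup", "mySecret")
    for req in (change, reboot):
        print(req.get_method(), req.full_url, req.data.decode())
    # Send with urllib.request.urlopen(req, timeout=10), change first.
```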