Datacake Docs
  • Welcome
  • Get Started
  • Changelog
  • Best practices
    • Best practices: Getting started
    • Best practices: Resolution (Timeframe)
    • Best practices: Dashboards
    • Best practices: Reports
    • Best practices: Grouping Devices
  • Datacake LNS
    • Getting Started
    • Gateways
      • Milesight LoRaWAN Gateway - UG6x
      • RAKwireless WisGate Edge Light 2
    • Devices
    • Add Devices without Gateway
  • Wireless IoT Hub
    • Overview
    • Datasheet
    • Getting Started
  • Device
    • Product
    • Configuration
    • Claiming
    • Historical Data
    • Database
      • Configuration Fields
      • Fields
        • Manual input
        • Field Roles
        • Formulas
        • Mapping Fields
      • Data retention & Datapoints
      • Examples
        • Mapping 4-20mA Signals
        • Converting Units
  • Dashboards
    • Global Dashboards
      • Setting Homepage
    • Device Dashboards
    • Multi-Device Dashboards
    • Widgets
      • Value Widget
      • Chart Widget
      • Image Map
      • Map Widget
      • Text Widget
      • SOS Widget
      • Boolean Widget
      • iFrame Widget
      • Downlink Widget
      • Set Value Widget
      • Measurement List Widget
      • Heatmap Widget
      • Table Widget
      • Image Widget
  • Portal
    • Multi-Tenancy (Workspaces)
    • Reports
      • Energy Report
    • Administrators
    • Members
      • API Users
    • Security & Privacy
    • Billing
      • Support Packages
      • VAT Exemption / Tax ID
      • SMS Credits
      • Access Invoices
      • Unused time and Remaining time in Invoices (Prorations)
      • Codes
    • White Label
    • Rules
      • Legacy Rule Engine
        • Sending notifications via Telegram
      • New Rule Engine
        • Rule Engine Table Overview
        • Copy/Paste and Template Functionality
        • Advanced Rule Engine E-Mail and Webhook Templates
        • Time Restrictions
        • Actions
          • Set Value
    • Zones
  • Cake Red
    • Get Started
    • Overview
  • LoRaWAN
    • Get Started
      • CSV Import
      • Custom LoRaWAN Device
    • Configuring LNS
      • The Things Stack (TTN / TTI) Automated Setup
      • The Things Stack (TTN / TTI) Manual Setup
      • Loriot
      • Kerlink Wanesy
      • Helium
      • ChirpStack
      • Tektelic
      • Actility ThingPark
      • Senet
      • Milesight Gateway
      • KPN
    • Downlinks (LoRaWAN)
      • Set Time Frame
    • Securing Webhooks
    • Payload Decoders
      • Location and GPS
      • Access Gateway Metadata
      • Access Measurements
      • Global Variables
    • Using Cayenne LPP
    • Converting Payload
  • Generic API Devices
    • HTTP Downlinks
  • Integrations
    • MQTT
    • Particle
      • Get Started
      • Adding Integrations
      • Decoding Payloads
      • Calling Functions
      • Templates
        • Particle Tracker One
    • Incoming Webhooks
    • Outgoing Webhooks
      • Securing Outgoing Webhooks in Datacake
    • Golioth
    • Blues Wireless Notecard
    • Sigfox
    • Swarm Asset Tracker
    • Grandcentrix Modbus Cloud Connect
    • YuDash LYNX IoT Gateway
    • Dragino NB-IoT
      • Changing NB-IoT Bands
    • Hardwario CHESTER
    • 1NCE OS
  • API
    • Exporting Data
    • Record Measurements via API
    • Node RED to Datacake
    • Generate Access Token
    • Internal MQTT
      • Get Started
      • MQTT Documentation
      • MQTT over WebSocket
      • Example Code
    • GraphQL API
      • Using GraphQL
      • Device Creation
      • Tutorials
        • Read Group via Tags
  • Guides
    • Python
    • Send Slack Notifications
    • Forward Data to Cake Red
    • Multiple Data Feeds
    • Automated Dynamic Downlinks
    • Ingesting JSON Data into Datacake API Devices
    • Working with Default HTTP Decoder on API Devices and Code Examples
    • Accessing Measurements in Decoders
    • Connecting Datacake to Notion Using Zapier
    • How to set up and use location on non-GPS devices
    • How to integrate with AWS IoT Core
    • How to Schedule Mass-Downlinks (Multicast) using Datacake Rule Engine
    • How to Map Sensor Values to Ranges or Booleans, Strings using Mapping Fields
    • Understanding Internal vs. External MQTT Brokers on Datacake
    • Sending UDP Messages between 1NCE OS and Datacake
    • Concepts of LoRaWAN Payload Decoders on Datacake
    • How to check if a value stays above or below limits for given time
Powered by GitBook
On this page
  • Overview
  • Is this required?
  • Securing a new LoRaWAN Device
  • Securing an existing LoRaWAN Device
  • Configure Networks
  • TTN / TheThingsNetwork

Was this helpful?

  1. LoRaWAN

Securing Webhooks

Last updated 4 years ago

Was this helpful?

Overview

If you are not using the Datacake TTN option to connect your device to the Datacake Cloud, you should secure the device by requiring an access token in the webhook.

If you do not enable the authentication, in theory, someone else could craft a spoofed payload and transmit it to the Datacake webhook endpoints including the DevEUI of your device, which would result in this data to be stored on your device.

To prevent this, enable the "Webhook requires authentication" option either when creating the device or later in its configuration.

Is this required?

We call the authentication of the Webhook optional, because it is not necessarily required. However, once it is set up correctly, it is nothing more than a mouse click and we recommend using it especially for larger fleets.

Please note that this option or not enabling this option does not mean that a Webhook would be an insecure way to communicate. Basically, the Webhook establishes encrypted communication with the Datacake API. It could just happen that someone forwards wrong data over a compromised DevEUI. However, the probability of this happening is very low. A potential attacker would need the following:

  1. Description of the individual payload structure

  2. The exact DevEUI of your device

The latter (the DevEUI) is difficult to predict in its nature. You would have to steal it exactly from the sensor.

Securing a new LoRaWAN Device

When you create a new LoRaWAN Device using one of our provided templates you have the option to set the Securing of the Webhook during the Steps in the Configuration-Wizard.

You can always deactivate this option or skip this step during setup and activate it later using the Configuration Dialog of your Device. See "Securing an existing LoRaWAN Device" on this page.

Securing an existing LoRaWAN Device

When you already have devices that you want to secure using the optional Webhook Authentication method you can do this by going through the following steps and activate the authentication.

When the option is enabled, all requests to the Webhook need to have the Authorization-Header set to Token YOURTOKENHERE. To learn how to generate access tokens, please go to:

Configure Networks

To enable securing of Webhooks you need to provide an additional authorization header in your LoRaWAN Application. We are now providing some examples for those LoRaWAN Networks that Datacake has Integrations for.

UPDATE: We have put together detailed guides on how to set up Webhook Authentication for each LNS. You find this here:

TTN / TheThingsNetwork

In the following Screenshot you see how setting the Authentication Token looks like on the TTN LoRaWAN Network Server. In your Integration - where you set up the Webhook forwarder - you need to provide an extra Authentication-Header. This looks something like the following (Please not that the Token used in the Screenshot is just a fake one - you need to replace it by your real one).

Generate Access Token
Configuring LNS