Securing API Route for use with IoT devices
Hey, what would peoples recommendations be for securing my nextjs api for use with Iot devices.
Previously I would use a JWT, or OAuth to secure them but im not really sure if this would suit an iot device.
Essentially my device needs to be able to connect, and then send some telemetry data over https, and will do this at random intervals.
Currently I am generating a cryptographically secure GUUID on the microcontroller using hardware RNG, and storing this in memory and sending this uuid up as the authorization token, which then checks if the token exists in the db, if it doesnt, it ignores the request (i eventually want to add in a way to block ip's if it keeps spamming the API), however i dont believe this to be secure in the long run
Previously I would use a JWT, or OAuth to secure them but im not really sure if this would suit an iot device.
Essentially my device needs to be able to connect, and then send some telemetry data over https, and will do this at random intervals.
Currently I am generating a cryptographically secure GUUID on the microcontroller using hardware RNG, and storing this in memory and sending this uuid up as the authorization token, which then checks if the token exists in the db, if it doesnt, it ignores the request (i eventually want to add in a way to block ip's if it keeps spamming the API), however i dont believe this to be secure in the long run
