1

I'm interested in using Xively's image embed code in a website I'm working on, but I need to either:

  1. Make the Xively feed public in order to access the image

  2. Include the API key in the get request

Now I do not want to expose our private information or open up the datastreams to being modified without my permission using my API key, what options do we have? In other words, how can I conceal the API key in the image URL that your can easily find by viewing the source? I'm not particularly keen on saving the image locally, renaming it, and then serving it from our server with a different name.

errordeveloper
  • 6,716
  • 6
  • 41
  • 54
Madison May
  • 2,723
  • 3
  • 22
  • 32

1 Answers1

2

Xively API keys have very fine-grain permissions. You probably want to generate a key that has:

  1. read-only access to just that specific feed
  2. referrer set to the domain of your website

You will find an "Add Key" button on your develop workbench, see screenshot below.

enter image description here

This should protect your data, but still keep your device's feed private.

errordeveloper
  • 6,716
  • 6
  • 41
  • 54