Request: a way to make certain devices (or components) have open API access without authentication

[jpwright]

For one application we're hoping to expose data streaming from a device to the public.

It would be ideal to not require authentication (since it would just be needlessly cumbersome) but even with authentication, we don't want to expose the device management parts of the API (e.g. we can't have people modifying/deleting devices by accident)

Without this we'll have to rely on an external service to 'wrap' the Enable IOT API.

[jtaryma]

Hi,
We want to keep the DP system secure. We will not allow using DP API without authentication, as it may cause security issues.

I understand that what you need is a specific "viewer" role for DP system, where such user could not edit any account-and-device-level-settings?

[jpwright]

A viewer role would be great. But even a step further -- where no user token is required to read data from certain devices, that you set as public -- would be ideal.

This feature is offered by Xively and others, for example -- https://xively.com/dev/docs/api/security/public_and_private_feeds/

Just a suggestion though, feel free to ignore as I'm sure there are many other things on your to-do. :-)