Skip to main content

Help with MyGeotab SDK Authentication

MFurg-1992
Original Poster

I am new to geotab and am using some of the javascript examples. One that matches my need, leveraages login.js, supplied in the SDK. I try to hard code my authentication, as an example, just to play around, and I still get the popup window for login. If I comment out the popup window, authentication doesn't work. Looking for best practices for how to authenticate.

Join the conversation

You need to be logged in to reply to this post and participate in the Geotab Community discussions.

9 Replies

Hey @MFurg-1992​,

 

Can you provide more details or code examples? I should be able to help you out with a little more information.

 

Thanks,

Tucker

MFurg-1992
Original Poster
Tucker: This is the example I am using as it closest mimics what I need to do. https://github.com/Geotab/sdk/blob/master/src/software/js-samples/getLocation.html Enter a serial number and you get prompted to login. I modified the js/ login.gs to no avail. Assuming I have the Serial Number, I just want to execute something like this. { api.call("Get", { typeName: "Device", search: { serialNumber: deviceSerial } }, function (result) { if (result.length > 0) { showDeviceLocation(result[0]); } else { alert("Could not find a device for that serial number"); } }, function (error) { alert(error); }); } Thanks Mike

Can you post your exact javascript code that's giving you the error? I would also hard code the Serial number into the javascript so you can ignore the front end completely and just authenticate with the javascript api object.

 

Also what is the use case for this, because you might have authentication taken care of for you already if you're doing this as an add-in. The Add-in would have the authenticated user and then your code that you posted would work.

MFurg-1992
Original Poster
Additional, I have been able to use curl to get a response, but I pass in a sessionid. What I need to know is what is the best way to pass in login details. then what do I do with the result? Sessionid or something different. The goal is to show on a map where some devices are located, using either google maps or open street maps. This is for customer consumption, hence they will not have accounts. Any help appreciated. Mike

Have you used this code to authenticate with the api object?

 

var api = GeotabApi(function (authenticateCallback) { authenticateCallback('my.geotab.com', 'database', 'user@example.com', 'password', function(err) { console.error(err); }); });

 

MFurg-1992
Original Poster

I added this code and it worked! Great. But now my credentials are exposed bu sinply viewing the source of the webpage, so I need a different solution. Any thoughts?

Can you tell me exactly what you're doing with this project? Is this something that will go on a Geotab database or something that will be standalone, because if it's going on the Geotab database you should create it as an add-in and use the authentication provided.

MFurg-1992
Original Poster

Tucker.

 

I am building a webpage to track a device, going back 10 locations, to build a "tail" so people know which direction it is heading. I am using Javascript and Leaflet for the mapping, that is all working fine. My issue is getting the data from geotab without exposing credentials and database. If I hard-code it in the Javascript, anyone can just view-source and see the credentials. Is this something add-in can help with? This webpage will just be in a squarespace domain and users accessing the webpage have no knowledge of geotab or have any login details to it.

 

Does this make sense?

That makes sense. An add-in has to live within a Geotab database so that wouldn't work for what you're trying to do.

 

It's impossible to protect your credentials if you want to do it all in javascript. You could build a backend server and make an API request to that backend server from your frontend and then make the request to Geotab from the backend server, and respond to your frontend with the Geotab data. That's what I would recommend in order to protect your credentials. Other than that, you would be assuming some risk by including the credentials in the client.

 

Thanks,

Tucker

Still have questions?