Server-side scripts

If applications are to be called via Web APIs, authentication is often required. One possible authentication method is API keys, which must be secret to prevent abuse. Using server side scripting, an API can now be called server-side instead of client-side. To protect the API keys from outside dashboard administrators, this code can be encrypted.

1. Create a dashboard as usual.

2. Configure a content element of the type HTML/JS.

   Here you get a sample script for Openweather-Map:

   Aktuelle Temperatur in {Contact.CITY1}:
   <span id="output_temp">-</span>°C
   
   <script type="server">
       function getTemp(city) {
           var xhr = new XMLHttpRequest();
           var API_KEY = '8de2235076f3ef9cf9bbedf148504945'
           var url = `http://api.openweathermap.org/data/2.5/weather/?q=${encodeURIComponent(city)}&units=metric&appid=${API_KEY}`
           xhr.open('GET', url, false);
           xhr.send();
           if (xhr.status == 200)
               return JSON.parse(xhr.responseText).main.temp;
           throw new Error('Request failed: ' + xhr.status);
       }
   </script>
   
   <script>
       XP.OnLoad(function() {
           XP.Server.getTemp('{Contact.CITY1}').then( result => {
               console.log(result)
               $('#output_temp').text(result)
           })
   
       })
   </script>
   

Encryption

The above-mentioned server-side Openweather-Map element is now to be encrypted. For this purpose, the tag <script type="server"> is extended by encrypted="":

Aktuelle Temperatur in {Contact.CITY1}:
<span id="output_temp">-</span>°C

<script type="server" encrypted="">
/* ENCRYPTED SECTION
bZcRTa++L4RnNNfDSn1348GCruCkGATJfYoldmTE/mXn1Hqfoj1CRfZsyu/AwpiB7+iGjd8FAvJhLY5gWLgOU1dDrYOIaADmG/T5frxUPqca5KLRr1wk8kgrsoLcbRXgbmFnwjUd2xXTNGnncbNmoMU3FRRPIR2xNIlBqGVduaf803USjYWVqY7ttWWUBl5NNIVAQKb2HzkN0uphy+zaWMRtzPea4SYr5P3NUcgtCa3EpnOzlFsnwnrzydKzMG2LVl7XP0KFv80RKstaUccsrIJSHGsw/+F/ZKbVuKVt3u6lvx4dtQpU2PZb+wx447rMiv6lx91eer8C+cqhciH5KbUT1H3JrsMUK8+5bGqfJ5fFaSuYGCNCdU+HfxcO9PDUD0ktJ4di3qyuhSRf64BfuWfXohhcFCh3mv91aeShb0ub504szcd3E1bxGgqyq2XnRhKYetJgcTg2mg0SYco3lPMUcFuPAM9fO9HS3GQ53huuMWY+BFEDmODPZctDeHOiaVUffSkn8pFpgw+2kKB21aNapJpkMvj1IDOovGFW0waIFQgPbogxKdUMcjQ+Z3YzmR614fUbbpyR3NgxrDJukPjnXC3wYdg+VxYHlSdzOSmilYKnGTuOwa5BDzZUzh9IHNIw/aVEKJ8gVJc+RRzXpjEhc+BRhpdyeE49cAEoku8=
ENCRYPTED SECTION END */
</script>

<script>
    XP.OnLoad(function() {
        XP.Server.getTemp('{Contact.CITY1}').then( result => {
            console.log(result)
            $('#output_temp').text(result)
        })

    })
</script>

After saving, the complete tag is no longer readable by other administrators.

Caution

Please do not save your skipts exclusively in this HTML/JS element, otherwise you will not be able to read the code after encrypting it.

Have you found a mistake on this page?

Or is something not formulated well or too vague? Then we look forward to receiving an e-mail, preferably with a suggestion for improvement, to doku@c4b.de. Thank you very much!