Hi,
As part of the Junior Internet of Things Challenge for school teams in Alkmaar, we are developing a simple GPS tracker unit based on the RFM95, an Arduino Pro Mini, a small GPS board and a small LiPo. Each team will try to build a tracker and we are planning to launch these using a few balloons, very similar to what was done at the Sodaq event in Hilversum.
Feel free to take a look at the wiring diagram, code and other bits and pieces in our Kaasfabriek GitHub!
Now, as part of the new TTN Data Storage option I have started to pull the data from the API into Excel using WinHttpRequest and a bit of good old VBA. I must say, this is a very cool option to allow you to quickly create your personalized graphs and data tables. The API approach simplifies things a lot for our junior teams.
Now I wanted to add some real-time mapping of waypoints using Google Maps and some JavaScript. We are also using ttnmapper.org; however, the Data Storage API could allow us a few tweaks, such as connecting the dots of the different teams in their own color.
However, in JavaScript I have tried to use XMLHttpRequest to read data from the TTN Data Storage API, and this generates an error. To my understanding, the browser recognizes this as a CORS (Cross-Origin Resource Sharing) request from one domain to another. Such a call is blocked by the browser as it does not see an approval from the API, an approval (as I understand) the API can communicate by adding specific response headers. My apologies if this wild story is a result of a coding error on my part…!
My very prelim code is visible at http://dataschrift.nl/ballon_map.html
The error displayed is:
XMLHttpRequest cannot load https://.data.thethingsnetwork.org/api/v2/query?last=2h. Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://dataschrift.nl’ is therefore not allowed access. The response had HTTP status code 404.
A few questions:
- Is TTN planning to allow access to this API from within browsers, and can such CORS headers be added?
- In the client side scripting, our access key is plainly visible. There is no privacy issue as we planned the node data as ‘safe for public use’. However, I am wondering if there is a nice way to obscure the key a bit.
- Is there a policy on API usage and traffic? What if many people would start hitting the page, will the API start to blacklist our account?

Again, apologies if I made a coding error - actually that would give us the quickest solution… Otherwise, I am very interested to see a few responses!
Thanks,
Marco
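
One way to handle the three points raised above (missing CORS headers, the key visible in client-side script, and API traffic) is a small server-side relay; this is an added example, not part of the original post and not TTN code. It assumes Node 18+ (global `fetch`), hypothetical environment variables `TTN_APP_ID`, `TTN_ACCESS_KEY` and `RELAY_PORT`, a constructed allow-list and cache interval, and the `Authorization: key <access key>` header format for the Data Storage API.

```javascript
// Added example (not from the post): relay that keeps the TTN access key server-side.
// Assumptions: Node 18+ (global fetch); env vars TTN_APP_ID, TTN_ACCESS_KEY, RELAY_PORT;
// the "Authorization: key <access key>" header format for the Data Storage API.
const ALLOWED_ORIGIN = 'http://dataschrift.nl';        // origin named in the browser error
const ALLOWED_LAST = new Set(['1h', '2h', '1d']);      // constructed allow-list for ?last=
const CACHE_MS = 30000;                                // constructed: one upstream call per 30 s
const cache = new Map();                               // last -> { at, body }

function corsHeaders(origin) {
  // Grant access only to the trusted page; other origins get no allow header.
  return origin === ALLOWED_ORIGIN
    ? { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' }
    : { Vary: 'Origin' };
}

// req: { method, origin, last }; fetchUpstream has the shape of fetch(url, options).
async function handle(req, cfg, fetchUpstream, now = Date.now()) {
  const headers = corsHeaders(req.origin);
  if (req.method === 'OPTIONS') {                      // answer the preflight locally
    return { status: 204, headers: { ...headers, 'Access-Control-Allow-Methods': 'GET' }, body: '' };
  }
  if (req.method !== 'GET') return { status: 405, headers, body: 'GET only' };
  if (!ALLOWED_LAST.has(req.last)) return { status: 400, headers, body: 'unsupported "last"' };
  const json = { ...headers, 'Content-Type': 'application/json' };
  const hit = cache.get(req.last);
  if (hit && now - hit.at < CACHE_MS) return { status: 200, headers: json, body: hit.body };
  const url = `https://${cfg.appId}.data.thethingsnetwork.org/api/v2/query?last=${req.last}`;
  try {
    // The key is attached here on the server and never reaches the browser.
    const up = await fetchUpstream(url, { headers: { Accept: 'application/json', Authorization: `key ${cfg.accessKey}` } });
    if (up.status !== 200) return { status: 502, headers, body: 'upstream error' };
    const body = await up.text();
    cache.set(req.last, { at: now, body });
    return { status: 200, headers: json, body };
  } catch {
    return { status: 502, headers, body: 'upstream unreachable' };
  }
}

if (process.env.RELAY_PORT) {                          // start a listener only when asked to
  import('node:http').then((http) => http.createServer(async (q, s) => {
    const last = new URL(q.url, 'http://relay.invalid').searchParams.get('last');
    const cfg = { appId: process.env.TTN_APP_ID, accessKey: process.env.TTN_ACCESS_KEY };
    const r = await handle({ method: q.method, origin: q.headers.origin, last }, cfg, fetch);
    s.writeHead(r.status, r.headers).end(r.body);
  }).listen(Number(process.env.RELAY_PORT)));
}
```

The map page would then request the relay's URL with `?last=2h` instead of the TTN endpoint, so the key stays out of the page source and repeated page loads within the cache interval cause a single upstream query.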