Hello, hi everyone. So, topic is Internet of Things, securing data with like MQTT, HTTP, APIs. So, few questions. Has anyone ever dealt with API building and all? Okay, you have experience. In HTTP or MQTT? HTTP. Okay. So, my name is Ramesh from India. I'm basically working as a full stack developer and working on IoT devices. We measure air pollution of different cities and we have made devices which send data to our server and from server you can fetch the data from HTTP APIs.

So, the roadmap of this presentation workshop would be like, first I'll introduce Node-RED, what it is. Then the MQTT part, which is a protocol built over TCP. So, it is a messaging queuing telemetry transport protocol. So, basically whenever devices, let's say there are IoT devices which are sending data to server, how they send data to server? It's not like, they can send it over HTTP also, but MQTT is more efficient way and it's more reliable for devices. Then there comes HTTP for people to get data from server and use it like wherever they want.

So, what is Node-RED? Does anyone have any idea of what is Node-RED? Any Node developer here? Node.js. Okay. So, basically Node.js, like there are some frameworks built on top of the Node.js to fetch data from server. They are Express.js is the one of the framework network. Then there are other frameworks available for building APIs and all. But Node-RED is very easy framework, like you can, it's very lightweight. You can run it on a Raspberry Pi also. So, definitely you can run it on your laptop or you can run it on any virtual machine you are having. It's new, it's application builder. It's very easy to use, like whenever we are coding, let's say we do couple of hours coding, we have our whole coding days and we build some APIs, couple of APIs. With Node-RED, you can just use drag and drop interface of it. You can put some HTTPS node, you can build the API in just click of like minutes, like you don't need any hours to do it.
So, what, how does it help? So, if you are, let's say you are working in a team or let's say you have a startup of your own. Now, you don't have that much money to hire people. You don't have that much time to give into software backend and all. So, you can just use Node-RED. You can focus on your task, like you have other tasks also. Let's say you need to build frontend for that. You need to make mobile applications, Android applications, iOS applications. So, this is in benefits of backend developers that how can they make their life more efficient and more powerful using Node-RED. So, no more bullshit.

And then this is how Node-RED will load. Look, like there is one node, like the path goes to from left to right. Like you have some input, you process it and you give it to user. So, that's the output mode. It can be anything. It can be schedulers also. Like you want to schedule your tasks accordingly. Like there should be some, there are some weekly tasks which should run on Mondays, which should run on Sundays. Like weekly analysis which are also possible in this Node-RED.

So, one thing, like how these data flows from one node to another node and to the next node and till the end one. So, everything moves in JSON. There is one parameter called message, msg. Message has these JSON parameters. Like my payload is hello world. My topic is this. These are the key value parameters. So, it is already going, like it is definitely going to change like whatever you want. You can put it over there and you can access it. You just need to know your key name. So, let's have a guys if you get the reference.

So, these are the different nodes which are available in Node-RED. Debug node, function node, template and these are the TCP. These are, these are for devices. Like how actual IoT devices send the data to Node-RED and all. It's basically a simple JavaScript. If you know JavaScript, you can code it in Node-RED.
You can put your simple function and you can put it into one node and you can have, you can deal it with like giving its input and coming out with different outputs, processing them and different different things. So, you can actually debug also. Let's say JavaScript, what JavaScript developers do. Like they process some functions. They need to see what debugging output is there. Like they see some messages in console. They see it on their terminal. So, you can store each and every logs into your log files. You can see those logs in browser console also. Like there are developer tools in Chrome and Firefox and all. So, debug node is also available. You can see those debug messages on the Node-RED also. I'll show you that.

So, message is passing from one node to another and let's say I have one counter application. Like there are some, let's say FOSSASIA wants to build their APIs on Node-RED. Now, there are some speakers. There are some guests. There are some attendees available over here. Now, flowing, data is flowing from one node to another node. Now, we want two different things to be done. Like there are multiple function calls. So, you can actually, you can have multiple outputs of one node. One can be dealt by year away and another can be dealt by the required way. So, how to return those messages? Like if you have only one message, just return one. Then you return it as an array. All of these are again also JSON only. These are. But you have different, different mechanism to bypass the array from one node to another node. As I said, it's just simple JavaScript. You don't need to do much in this Node-RED.

Let's say now, how can we, let me show you the Node-RED first. So, it's just an npm module. You just install it with npm install. Yeah. You just hit this command and it will start Node-RED at some HTTP port, whichever you want to configure. You can do it via a configuration. Now, how will it look like? It is a, so this is the Node-RED and like UI.
You have all the nodes available over here, whichever you want to use. You can take any node and put it over here. Then you can, you can just plug it to another node. So, this is one demo I have prepared. Can you see it? Is it visible?

So, let's say this is the get API. So, you just select which API you want. You can select post API. You can put, delete, whatever you want. This is how you configure. Like this is your URL name, which will be appended after 1880 port. Speaker info and there will be some URL parameter called name in this URL. Now, this, this request will come. It will get like notified by its unique URL. Now, right now I'm introducing a static database and it is in form of JSON array. Like there are three speaker information available right now. Jamesh, another one and another one. Then there is some type, topic, where, what time he is giving the speech. And I am storing that db variable into my message one. So, now this, what I'm going to do is I'm, I'm just going to return this message to my next node. So, next node will just run a for loop and it will find the information of that person if, if he exists.

Now we have headers, like each and every, like whenever you are giving response to your web clients or mobile clients, you pass HTTP status codes, you pass HTTP headers along with that. So, I'm just checking if that person's information does exist in my database. If yes, then I'm just passing the headers of application JSON and message status equal to 200, which is HTTP okay. Yes, I found this and you can have the information. If I don't have that person's name, then I'll just return no records found and status code will be 404. So, it goes to the response. So, this is the flow one, two, three, four, five.

Now, if, let's try it out. So, I'm, I'm sending a get request to my Node-RED, Node-RED client and the URL speaker info and then the parameter name is jamesh.
So, as soon as I hit the send, I got the status code 200 and my name is, my name and information is over here. So, this is very easy to build any HTTP API you want in, in number of minutes and let's try out, like there were only three names. So, I'm going to, I'm going to try a different name which is not available in database. So, it will just send you no records found. Oh wait, 200. There is some issue in code. So, whenever you change anything, it comes with blue chip and you need to deploy that code. Deploy is also very easy, with only one click you can deploy your new code. Okay, status code, not status. So, if there is some library built over it, like if you are using any pre-built node, there is information available over here. What parameters you should pass your code into. So, we need to pass those status codes and we just deploy it and it will be ready. So, it says 404 not found and here whatever message you want to display to your user, you can do it. So, now this was the get parameter. We'll come back to post after that presentation.

So, this is what I explained here. It's a very basic JavaScript code. You don't need to do much and if, let's say you want to introduce some global functions or global variables, there is context available in Node-RED. You pass your data to context. It will run through your application. Let's say you have some variables which are like predefined values, which should be there in the system. Then you can store it in context. There is already something available called function global context where you can store your static data and it will be saved in your settings.js. Whenever some package, like whenever you do npm install Node-RED, it has one file called settings.js and those files will be saving the global information of that thing. This is again a simple Node-RED JavaScript functions.

Now, let's say you need some nodes to be installed. Let's say you want to use MongoDB database or another database.
So, MongoDB community has already built npm package for MongoDB. It's already over there so you need to just install that npm package into this Node-RED so you can have your nodes into it. If you want to find it out if MongoDB is not installed, so you can just install any database and it will just show power here. All the flows which are available right now, because Node-RED is a community project and it has been handled by GitHub only. So, right now there are one, three, six, two flows are available. So, if you want to find out if your node is available or not, you just search for it. MongoDB node and all will be coming up. You click on it and you will find the command, which npm package you want to install. So, already all the flows are available on nodered.org, flows.nodered.org. So, go over there, try something out.

If you don't even have IoT devices, this can be very useful for backend API development also. If you don't want to code much and you don't want to deal with all the routes and database connections and all, you can just try this out and be done with your API management stuff. So, easy to wrap up any module. Code is already in JavaScript. You can build HTML files over top of it also. You can give it a nice UI kind of framework. Let's say you have a form and you want users to fill that form and directly it should go to database. You can just do it via JS and HTML. So, basically it's full of JSON. You just need to deal with JSON and you are done with it. This is the sample. I'm just putting a sample JSON file to you that you, we used one node and that node information is stored like this. If it's password protected, it will be MD5 hash and then you can deal with that. Like you can store that code into GitHub and then you can pull it out. This is an order.

Now, coming to Internet of Things, how devices deal with the data sending part to server? How do they send data? They obviously need some Wi-Fi connection or GPRS SIM card.
They need something to send data. That is a networking connection part. But how secure can it be? Let's say you have an HTTP API. I have one HTTP API that get data from my device. That is an open API. Any device can hit information like that. If my device, I am making air pollution devices and another guy is making other devices which are sending similar data and if he found my APIs from back door, then he can hit me anytime and any APIs they want and my servers will be crashed. So, how devices can deal with this?

So, there comes the MQTT protocol. It's a message queue telemetry protocol. It has the five, it is like PubSub thing. You publish something, devices publish something and my servers can subscribe to it. Let's say, what is IoT? IoT is handling your devices while sitting in your office or somewhere. So, if you want to reboot your devices, if you want to reconfigure your devices which are far allocated from you, which are in working condition, you don't want any downtime, like downtime should be zero. So, at that time your server will become the publisher and your devices will become the subscriber. So, let's say I hit the reboot command from my keyboard and the devices should get rebooted with new configurations. So, this is what the beauty of MQTT protocol is.

Now, in HTTP, you can relate your URL sentence to topic name. They should know something, like if my device is subscribing to some, it should know what topic or what subject I should subscribe to. So, those are the topic names. It's very basic and it's needed. So, the topic name is there. Now, how can device be assured that my message which I sent to server, it got to there and like it's available over there and it's stored to database. So, there comes the guarantee of delivery, like server, like whenever device is sending data to server, server gives feedback to the device that yes, I got the device and it is saved into our, whatever message you want to give.
Then comes the security and scaling, like if you have like 1000 or 10,000 devices, then how can you deal with your device and server? So, this is your MQTT client which is your device. It is sending data to MQTT broker. So, in MQTT, it's not called server, it's called broker, which deals with your device and server, like your HTTP database. Your database can be directly connected to this also if you want to, but it's not a feasible way. Always get it to some HTTP or any local server which is Linux based and then process the data and then get it to your database, like in a very formatted way like you want. So, you see devices are publishing data to broker and broker is publishing data to server. So, they must be subscribing it.

So, whenever your device, let's say you have four devices. So, each and every device should be like registered to your server. So, it's called broker registration of device. You send a connection request to MQTT broker and it sends acknowledgement back. Yes, you are registered. Now, you can send your data. Then as soon as device gets registered, it has some GPRS connection or let's say Wi-Fi connection. Whenever it gets internet, it starts rolling out the data from itself. So, there are basically boards like Raspberry Pi or let's say some Intel Edison boards. So, it can't save much memory to itself. It has limitations. So, devices can store data up to, like it again it depends on how, what data you are get fetching from device. It can store data up to some limitation, let's say maybe in KBs or 128 KBs. So, you need to decide how much data you want to store while device is offline and then when it comes online, it should start flowing the data to server.

So, there are three delivery guarantees, like quality of service 0, call it QoS1 and QoS2. What are these again? Like I already told you that it gives, like server gives response back to devices that I got your data. So, whenever device is using QoS type 0.
So, it has, like it will send data at most once, it's written over in the bottom. Like let's say I have one temperature sensor, at currently it is 2:25. So, 2:25 pm I have sent the 25 degree Celsius temperature to server, it's done, it has no delivery, like no feedback coming back from server. It will send data at most once. If server will accept it, it is free, then it will, it will take it and store it, otherwise that data is gone. Then comes the QoS1. Device is sending data to server that this is my temperature value and server will give you a publisher, like feedback, that yes I got the data. So, at least once it will try, server will try. So, it is the QoS1 and then comes the QoS2. Until and unless like there is confirmation from server that this data is stored into my database or we have processed the data, device won't stop sending the data. This is until it has the memory of saving the data onto its board or its chip.

Now, HTTP API, I will show you, I will show you couple of APIs on, yeah. So, this was the get API that we tried. Now if we want same API with post request, you just change that body. I'll go into details of coding also, like how do you get your name from the request. So, I already told you, right, all the data goes through one message. So, message.request path, like which is the URL request, that we have split that URL request with arrow forward slash, which is already present in each and every URL, and we got the name, like last name, last parameter will be my name. So, I got the name which is, which is coming from this Postman request, like this is the name we are getting and that name is getting compared to that follow.

So, now let's say we want to send data to, like in post request. So, name is jamesh and we need to have API for that. So, both API has speaker info but this is get type and this is post type, post is this. Now in query preparation we won't be getting name from message request path, we will be getting that, like that name parameter from message.request.body.
So, request body is what we defined over there in Postman. This is the body, like name is jamesh, and then we'll remove this from URL request and we'll just hit post API. So, again it gave the same, same response back as it is API, post API, and you can give some different name over here and it won't, it will return no records found. Again we did the, I did the mistake of not defining the status code, which I'll do. I just deployed it and now if we hit this API it will say 404, no, no records found, and message I printed that no records found.

Now, I told you the debug part, right. So, whenever, whenever you are hitting any API, let's say what you want, this is the active node, you want to see data flowing from this node to next node. So, this is the debug, so I'll delete this and we can just drag and drop this node from there and we can see the data coming out from this node to this node and just deploy it. You can, you can like, you can say any, any key which you want to see, like which you want to debug over here, or you can debug whole, whole complete message of the call, so we'll try both. So, let's say I hit the get API and we got one debug node that yes, this JSON is passing from one node to next node and this is the debug thing. So you can, you can see your debug moments is very easily and on that UI only, UI only. If you want to, if you want to debug something on node dot, like on your terminal, then you can see node.log and so wherever you are you can get your debug message. Over here also it printed the message but it didn't print the message object. So basically by node.log you can print log messages to your terminal and by the debug mode over there you can see the messages like real time, what are the debug messages coming from those node flows.

So, this was the HTTP API which I mentioned. Before going to MQTT API is how we should try it out, if you have any questions over HTTP please you can tell me, ask me. No, all right.
So, this is one MQTT client. Now, how devices can securely send the data: brokers, MQTT brokers should act as like OAuth 2.0, which is like authentication method. Like you get registered yourself over there, you will get one username and password, you will get one client ID. With, with that client ID you can subscribe to your topics, you can publish your topics from your device, from your server, anything. So, this is the demo I have prepared. Like actually the device is residing in India, sending the data to this MQTT server, so you can really have a live connection over here.

So, basically what you need, like this MQTT is basically a TCP, it is built over TCP only, so you can, you can tell that it is a TCP protocol. You can, you can give your host name. Mostly MQTT is hosted on port 1883, you can, you can do it on any port you want. Now, this is my client ID. If you, if you don't want that much security, you can give like any client ID, like as put a streak over there in your configuration and it will, you can, you can deal with any general random ID, but you need to pass client ID for your connection. So, this is how devices build their connection to server. These are the username, password. Sorry, password I can't show you because this is a live data coming in from devices. So, I did this and so connection loss and connection established. So, the servers are already live, so I'll just delete all the messages.

So, each and every devices, like, so this is the subscribe and you can publish it from over here also. Let's say I want to reboot some device. This is my topic name. It is defined for, like we have defined each and every device a unique topic name, which, like device ID will send data to server with its device ID and its device type. So, it will send data and now if we want to reboot that device we can just publish the command over there, which will be having one JSON file of its configuration, and it can send data to that device and it gets rebooted. So, this is how MQTT will work as like publish subscribe transform
like mechanism basically. So, date, each device is sending data to, like each, each and every two or five minutes, so we can wait for two minutes. And this is the MQTT protocol that I wanted to explain to you guys, that how, how it is working and how it should be. It will show you the last five messages whenever it is coming. So yeah, I explained you the HTTP APIs, MQTT. Now, I, if you have any questions, so please shoot them because I'm pretty much done with presentation. We'll, we'll wait for the data to come in. Yes, go on.

Application, but the background is not, not right. I'm using Ruby on Rails and the broker is Mosquitto of course. Just wondering, because we cannot, we cannot do authentication on the device, right? Like you said, this is my main password.

So, username password is for client to subscribe to the device. Like devices have libraries, right? Let's say you have a code in Arduino. Yeah. Arduino will, will have its device registered to my server. Yeah. So, if that registered device is sending me data then I will be, I'll know that this device is already registered and it is sending me data, so I can accept it. So yeah, I get the part that devices can't store the username and password and it can't do the authentication, right? That's what you're asking.

Actually we have a token in the device, right, but the token is stored in the database. Okay. Is that any mechanism for broker to, to read, uh, release of token in the database? If the token is already on the database then you're allowed to, to send the data to us.

Yes, it can do. MQTT broker is basically a server only, like a Linux server hosted on your virtual machines, so it can read that data from devices. So, first initial line of communication will be kind of open and one, once it gets that token it gets verified that yes, this is the registered device, now I can start listening to the data, what it is giving. That's it. Thank you.

Just, you mentioned two things. One is, uh, uh, not red. Yes. So does that mean that, uh, no red will, will run in on this MQTT? Yes, I'll show you.
So, these are the data, we'll discuss this later. So, and you can secure this Node-RED also, like with username password. So, currently we are using IBM Watson, which is giving us, the IBM product we are using, which is giving us the MQTT broker. And, uh, this Node-RED is also handled by IBM community only, like they are the core developers of this. May, it may take some time, but like I explained you, right, there are couple of, there are number of nodes available which you can install it.

So, this is the MQTT node, like, and you see device event is written, like this is the MQTT node, so it is connected right now to multiple devices. Now, how you can configure this? So, whichever parameter you, whichever parameter you added, you, you can add all the device, like the parameter client ID, username, password, you can, you can mention all of them into authentication and then you can see, you can basically tell your server like which data I want to fetch. Do you want to fetch any particular data, let's say on particular topics, or do you want to fetch any one events, one device data, or do you want to fetch all of the data? So, this is how you get the data from Node-RED, like, uh, like devices to Node-RED. And Node-RED, like devices will be sending data, like devices hostname will be this tub.izom.com, so it, it, it like identifies the, uh, hostname and then it is sending data to the Node-RED client. Here are the, like the client ID becomes your API key, API token is already mentioned, and then the authentication can be done over here. So, this is how the data comes to Node-RED and then Node-RED can process that data to store it into database or store it somewhere else.

So, these are also database, like this is a MongoDB database where we are storing, like which operation do you want to do, save, save the object, like which collect, which collection and which. So, database node can be configured, like database connection is also this much easy, like you give port name, you give the IP address and the database name, username, password, so once
you have done this, your database connection is established and your data can be saved too, like whatever data is coming from IoT event can be saved to database. Are you clear, or somewhat gray area?

So, just to confirm that this, uh, uh, Node-RED is this kind of server software? Yes, yes, yeah, it's running on, it can be running on virtual machines, it is running on some virtual machines, servers, actual virtual servers, and MQTT protocol is what it handles from MQTT, like from Node-RED itself. So, let's say you install a software on your server, let's say you have a website running on your VM, virtual machine, so Node-RED is just an application which is providing you how to enable MQTT support for your devices and server, devices and database server. So, it is a connection, just it is a protocol, MQTT is just a protocol, it is just like, like HTTP is there. Like you, like you make a phone call to someone, right, so that is going through, like it has some standards, so those standards are defined in one protocol. So, MQTT is just another set of standards which device is used to send data to server.

That means, uh, uh, Node-RED can use the activity? Yes, yes, yes, it can use as protocol, yes, yeah.

The other question is how can servers and, uh, they not put the device, so server can send data to device? So, huh, so just like the, so it, it will have some, like server communicate through HTTP and MQTT both. Let's say you want to, you want to control a device, let's say there is one tube light you want to switch it off. So, you will, you will need some web page in your browser, like you will click the off button from one, so from certain web page you will click the off button and the data should be sent to that device. Now, there are some, so as this was an input node, it has some, like it has some output node also. Like you give command from here, you, you mention all the device ID or like whatever the device configurations you want to send to device and you just plug that, uh, function node to this one. Now, this will have, if you want to, if
you want to manage only one device then you can just give that unique topic name that you need to design first, like whichever topics we were discussing in this, like it has subscribed to one topic name, right, so put that topic name into that, uh, IBM, IBM event, like IoT node, and then send, just click the hit, then it will send the data to device. It's very easy. So, getting data from device and sending data to device.

No, it needs to be connected via GPRS or Wi-Fi, so, so some internet connection should be there, otherwise it is not Internet of Things. If it is connected with internet then it can send any request you want to send to device.

The network connection is that it just, the device is sleeping? Huh, device is sleeping, but this will, this will work as a trigger, that whenever that device is subscribing to this topic name, if this trigger is coming then there is already a code written in device that what should I do if this comes. So, basically device is sleeping, let's say device is sleeping right now, it, it is also subscribed to certain messages, like if this message is coming, like when we get notification in our phone, what should be dealt, like you need to book your movie tickets, you need to, you need to navigate your to other station or you need to fetch another train. So, devices are also coded in such way that if this message comes I need to reboot myself and I need to take new configuration and I just need to work as it says to me.

Server to wake up the device? It should be coded, I think so, from device side, otherwise, if device library should have that mechanisms or should have those functions which can work when device is in sleep mode, like it should be subscribed to certain topic names, then only you can do that. So, subscription is very necessary in MQTT, like you need to subscribe to certain topic names and then it can deal with it. So, it, it works both the way, it can publish, it can subscribe, so both things should be.

Description, the definition between the device and the controller which
is, so I am basically a software guy so I don't know that much of hardware, how it works. I work with few hardwares but I don't know much about it.

So yeah, I have one sample architecture of my application. Can you see it? Yeah. So, so these are the devices, just imagine there are some devices right now. So, devices will be sending data from MQTT protocol. I'll just point out from here. So, so this is my, uh, Node-RED thing, actually application layer of mine. So, it, it can, like some of you may have seen some web application where you can see live data, like let's say there is one request at 2:41 and at the same time you can see that request to your web page. So, this devices will be sending data to, via MQTT broker, like broker will be sending, broker will be saving that data to DB server, like any database, mostly it will be NoSQL because data's can't send SQL, like devices can't send SQL data. So there, that database server will be managed by Node-RED thing again. Like I have written Express, sorry for that, but it is, like Node-RED is application API layer of my whole architecture, so that API will be managed by my web server and Node-RED.

So, it, so now there are some multiple computers or mobile clients available, they will send request to Node-RED. If, if data is sent through to DB server then Node-RED will fetch that data from DB and it will just give that data back to clients. Now, you can, you can do all these also, like you can, you can have a search mechanism if your data is huge, like in amount of TBs or let's say like 100 GBs or 200 GBs, you can have these architects also, but this is, this we can skip right now. But these are the few things that we need to understand, that whenever devices are sending data your MQTT broker will save that data to database server. If you want live data you can open a web socket from your database and that web socket can be connected to APIs or your web clients or mobile clients. That's how you can see the live data on your devices, actual mobile or laptops. So, this
is the application, basic rough application diagram that I have. It can be, but you need to buy HTTPS and yeah, you need to consider it, yeah.

In Node-RED is there any mechanism to do a streaming, that is like MQTT subscribe? Yeah, yeah, and it's, the people are using web socket, so you can do web socket over here. You can, you can store some, so there is one capped collection, you, do you know, do you have idea of capped collection? Capped collection, it has, like whenever data is coming to your database it stores the current data. Let's say you have 50 MB of memory allocated to your, your database, so that, that 50 MB will be present in that collection and that collection will be rolling out data to your web applications, and Node-RED also can fetch those data from your capped collection and it can show it to clients. So, it's, it's like real streaming only, like whenever data is coming it is going out.

Yeah, I mean it's like an open stream? Yes, yes, yes, so this, this was open only. When, when I showed you, like these are connected clients right now, green shows that these are connected, like my, my actual devices residing in India are connected to my server. Whenever, whenever I have server issues it will turn to red or yellow, like it is connecting or it is not connected, it has some issues.

I mean that's from the device, right, I mean from the client, so I open the web browser and, and it will show the real time status of the device? Yes, so if there is some issue with client you are asking? Yeah, the client is not red, can, can have some. Yeah, if client is dead then you can't connect to API or you can't fetch data to your web application. Like if this thing is dead, like Node-RED is dead, then devices will be saying, sorry, I didn't get your question.

There, like a check application, right, if, if someone else in another computer sends a chart it automatically send to the difference. The other thing is the device and we have a broken, yes, yes, and we have a red and your, your, your API is only kept and was it is kept only one time and
you send a request and you are the specific value only one. If you want to, if you want to stream that data you need to open a connection via web socket. There is a library called Socket.IO available, so it's, it's in version one right now, it, it is available for Node-RED also. So, socket.io is the URL, you can go, go over there, you can subscribe to that Socket.IO, you just open a connection to your use by giving username and password and it will, it will start fetching the data as soon, as long as you have internet you can.

Any more questions? Yeah, it's open source and it has been active since eight to nine months, it is growing like very good, already you have seen like 1300 nodes available. No issues I have, actually these, these are the production servers I am showing it right now. So, no more questions? Thank you, thank you so much.