In order to optimize logs storage we will remove some parameters from a generic log message. Parameters list are below:
event_origin - parameters origin_id and origin_type allow you to restore it
event_text - textual representation of event_code
Changes will be applied at march 30th.
We introduced slight non-blocking change to the tokens configuration.
First of all we added created field which shows their creation time. For all existing tokens for which we do not know the time they were created, we specified last accessed time as creation time.
Second - we do not update expire field anymore automatically for tokens with ttl specified. We just softly calculate validity state for the token by using both explicitly specified expire field and dynamically calculated created/accessed + ttl fields.
For more information about time control please refer to the knowledge base.
We are announcing some changes in token ACLs:
Starting from today (24 September 2020) you will receive warning messages if your ACL usage is deprecated. On 8 October 2020 we will update all the tokens and apply changes mentioned above.
99% users do not use this global items. These items have very wide scope and are not applicable for real life use cases. It is decided to remove them.
When you specify access for an item and do not specify access for its submodules, then submodules access is defined by their item (i.e. access is implicitly inherited).
Example ACL entry:
{
"uri": "gw/channels",
"ids": "all",
"methods": ["GET", "PUT"],
"submodules": [
{
"name": "messages",
"methods": ["GET", "DELETE"]
}
]
}When you specify access for an item and also specify access for its submodules, then access for non-mentioned submodules is denied.
Example ACL entry.
{
"uri": "gw/channels",
"ids": "all",
"methods": ["GET", "PUT"],
"submodules": [
{
"name": "messages",
"methods": ["GET", "DELETE"]
}
]
}If you need to use some submodules in ACL and you want to avoid warnings, then you may explicitly deny access for all unused submodules.
Let's assume you need to GET, PUT all streams and assign devices to them. Then you might have the following ACL entry:
{
"uri": "gw/streams",
"ids": "all",
"methods": ["GET", "PUT"],
"submodules": [
{
"name": "devices",
"methods": ["GET", "POST", "DELETE"]
}
]
}To avoid receiving warnings you may explicitly deny access to "channels" and "logs" submodules:
{
"uri": "gw/streams",
"ids": "all",
"methods": ["GET", "PUT"],
"submodules": [
{
"name": "devices",
"methods": ["GET", "POST", "DELETE"]
},
{
"name": "channels",
"methods": []
},
{
"name": "logs",
"methods": []
}
]
}Some REST API methods like PUT gw/devices or GET gw/devices/messages, etc., multiplied the API call count by the number of items affected. Thus, we tried to protect the platform from overload.
But this method was not obvious to platform consumers, so we decided to simplify it - now any REST API call increases the total counter by 1.
Now all REST API call logs (e.g. HTTP access logs) are available for your information in the Platform section of the Toolbox.
We log the source of the request, its parameters, content, and response code, size, and duration it took to perform the request.
You can now set "x-flespi-app" header in all your REST API requests to specify any application details you may need. The content of this header (truncated to 64 characters length) is saved in corresponding platform logs messages.
A new feature has been added to the Subaccount's Limits API. You can specify how long the item will be blocked.
We implemented REST API to access billing information: https://flespi.io/docs/#/platform/billing
Now via API it is possible to:
We will soon provide UI in https://flespi.io panel that utilizes that API. This announcement is for such users that want to automate flespi invoicing process non-standard way.
In order to standardize tokens and oauth REST API services together with other platform entities we moved them to a different REST API path.
Old: /platform/customer/tokens and /platform/customer/oauth
New: /platform/tokens and /platform/oauth
Syntax and call parameters remained the same, just "/customer" part was removed from the API call path.
Old REST API methods will be available until May 15, 2023. On March 1, 2023 we will mark them as deprecated and they will be highlighted in the platform logs with warnings about deprecated method usage on each API call. We will also detect and personally contact all flespi users that will use old REST API methods after April 1, 2023 to ensure their smooth operations.
MQTT tokens and oauth state topics also changed to reflect updated paths:
Old: flespi/state/platform/customer/tokens and flespi/state/platform/customer/oauth
New: flespi/state/platform/tokens and flespi/state/platform/oauth
Both topic paths are synchronously updated now and old topics will be maintained until May 15, 2023.
Please update your software accordingly until May 15, 2023. If you have any question do not hesitate to contact us in flespi chat.
We started to publish the unique idents received by the channel to its retained MQTT storage. The topic is flespi/state/gw/channels/+/idents/+
We introduced certain limits for traffic generated by CDNs which may lead to temporary suspension of particular CDN operation. And we activated webhooks limits as was initially published (were not active during experimental period).
You may find latest restrictions per each tariff by this link: https://flespi.com/en/docs/restrictions
When an account hits certain limitations, we no longer block the entire account. Instead, we block specific active tokens that have exceeded the limit. For example, if your API token starts consuming too many requests or generating excessive traffic, it will be temporarily blocked for a certain period of time. However, all of your other systems will continue to function as usual. Additionally, you will still be able to log in to the panel to check logs and perform other tasks.
When you perform an HTTP request using a blocked token, you will receive an HTTP error 429: Too Many Requests.
We moved webhooks from experimental to production-grade platform entity and applied initially published restrictions.
REST API selectors syntax has been enhanced with expressions. Now it is possible to perform rather complex selection operation for PUT/GET/DELETE operations.
To specify expression with REST selector please use brackets: {expression}.
To select devices from 2 accounts specified by cid you may use this selector: GET /gw/devices/{cid=123 || cid==456}
To find devices that are located within 100 km from point with latitude 54.72 and longitude 25.26 you may use the following selector: GET /gw/devices/{(now()-telemetry.timestamp < 3600) && distance(telemetry.position.latitude, telemetry.position.longitude, 54.72, 25.26) < 100}
The actual request should be urlencoded:
curl -X GET --header 'Authorization: FlespiToken XXX' 'https://flespi.io/gw/devices/%7Bnow()-telemetry.timestamp%20%3C%203600%20%26%26%20distance(telemetry.position.latitude%2C%20telemetry.position.longitude%2C%2054.72%2C%2025.26)%20%3C%20100%7D'
To select devices by multiple idents use the following syntax: GET /gw/devices/{configuration.ident == "123456" || configuration.ident == "54321"}
Also from now we encourage all our users to wrap strings in double quotes using legacy selectors as well, like: GET /gw/devices/name="asd*" instead of: /gw/devices/name=asd*. Although both formats will work.
Partial Fields Request: You can now specify which keys to return in order to reduce the amount of fetched JSON. For example, you can fetch only ident and phone number for selected devices:
Request: GET /gw/devices/all?fields=id,configuration.ident,configuration.phone
Response: {"result": [{"configuration.ident": "first", "configuration.phone": "+123"}, ...]}
Pagination Support: You can now use pagination to fetch a limited number of items starting from a specific position. The parameters 'limit' (X) and 'offset' (Y) are available for this purpose. To fetch not more than X items starting from position Y:
Request: GET /gw/devices/all?limit=X&offset=Y
Response: {"result": [{}, ...], "pagination": {"limit": X, "offset": Y, "count": Z}}
Here, 'count' is the total number of items available.
We have added a new field named metadata to all item types, allowing the attachment of custom properties to any item. These properties can be used as filters in REST API selectors.
Device configuration example:
REST API Request: GET /gw/devices/metadata.activated=true?fields=id,metadata
Response:
{
"result": [
{
"id": 123,
"metadata": {
"Region": "EU",
"UserId": 123,
"activated": true
}
}
]
}We are excited to introduce a highly requested feature in today's update. Managing projects with complex architectures, numerous subaccounts, and intricate token systems can be challenging. In response to user feedback, we've now made it easier for you to temporarily suspend subaccount activities.
Previously, achieving this required setting a completely restricted limit for the subaccount. However, with the latest update, you can now simply toggle the ON/OFF switch for the desired subaccount or token. Notably, disabling this option will recursively affect all nested subaccounts.
REST API method to disable subaccount:
PUT /platform/subaccounts/{subaccount-id}
Payload: {"enabled": false}
Similarly, to disable a token, use the following REST API call:
PUT /platform/tokens/{token-id}
Payload: {"enabled": false}
