Configure Public Access to ThingWorx
In Vuforia Studio, experiences contained in a published project can be made publicly accessible by setting the project's Access property to Public. This enables the content that is published to the Experience Service to be accessible without authentication. If the public experiences require access to data in ThingWorx, then the Experience Service must be configured to allow the public experiences to access ThingWorx anonymously.
The Experience Service acts as a proxy for the ThingWorx server. When an experience makes a request to ThingWorx to retrieve a property value or invoke a service, the request is first routed through the Experience Service. If the experience is public, then the Experience Service proxy appends an application key to the request before forwarding the request to the ThingWorx server. This application key identifies the ThingWorx credentials used to execute the request. The Experience Service must be configured with an appropriate application key in order for the required ThingWorx public access to be granted to experiences.
If an experience provides data from ThingWorx, public access to the data in ThingWorx must also be provided.
Application Key Configuration
In some cases, application key configuration to support public access may have been completed as part of installing your Experience Service. In this case, a user named es-public-access and an application key with the same name will already exist on your ThingWorx server, and your Experience Service will already be configured to use that application key for public access to ThingWorx. In addition, an organization named es-public-access-org will already exist and the es-public-access user will be a member of this organization. If this is the case, you can skip this section. To complete the public access configuration of your ThingWorx server, complete the steps in the “Enabling Access to Properties, Services, and Events” section in Grant User Permissions.
To allow public experiences access to ThingWorx without prompting users to authenticate, the Experience Service and the associated ThingWorx server must be configured to enable public access. To allow public access to ThingWorx, an application key must be created in ThingWorx that can be used to access any properties or services in ThingWorx that are required by publicly connected experiences. Use the following steps to create the necessary application key in ThingWorx.
1. Create a user named es-public-access.
2. Create an organization named es-public-access-org.
3. Add the es-public-access user to the es-public-access-org organization.
4. Configure the user so that it has the necessary permissions to access the ThingWorx data required by the public experiences. For more information about the permissions that must be granted to the es-public-access user, see the “User Authorization” section below.
5. Configure the es-public-access-org organization so that it has the necessary visibility permissions to access the ThingWorx data required by the public experiences. For more information about the permissions that must be granted to the es-public-access-org organization, see the “User Authorization” section below.
6. Create an application key and associate it with the es-public-access user.
7. Navigate to the Administrative Console for the Experience Service.
8. Edit the ThingWorx proxy settings and set the anonymous application key parameter so that it equals the keyId property for the application key that was created in Step 3.
User Authorization
To allow users of public experiences to access the required properties and services in ThingWorx, the es-public-access user defined above must be granted the following run time permissions in ThingWorx for both WebSocket connections and for experience data.
WebSocket Connections:
Visibility—permission on the EntityServices resource
Run Time Service Execute—permission for the GetClientApplicationKey service on the EntityServices resource
Visibility—permission on the SDKGateway thing template
Visibility Instance—permission on the SDKGateway thing template
Run Time Instance Service Execute—permission for the SDKGateway thing template
For more information on granting these permissions, see the “Enabling WebSocket Connections” section in Grant User Permissions.
Experience Data:
Visibility—permission for any entities accessed by a public experience
Run Time Property Read—permission for any additional properties whose values are displayed in a public experience
Run Time Service Execute—permission for any additional services used by a public experience
Run Time Event Subscribe—permission for the DataChange event on any thing whose property values are configured for auto-refresh
For more information on granting these permissions, see the “Enabling Access to Properties, Services, and Events” section in Grant User Permissions.
In addition, the es-public-access-org organization must be granted the following visibility permissions in ThingWorx for both WebSocket connections and for experience data.
WebSocket Connections:
Visibility—permission on the EntityServices resource
Visibility Instance—permission on the SDKGateway thing template
Experience Data:
Visibility—permission for any entities accessed by a public experience
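Because the anonymous application key runs every public request as es-public-access, it is worth checking that the user and organization hold exactly the permissions listed above and nothing broader. The following is an added example, not PTC code: it compares a set of grants against the list on this page. The Grant record format, the thing name Pump01 and the property name pressure are assumptions made for illustration, not a ThingWorx export format.

```python
from typing import NamedTuple

class Grant(NamedTuple):          # hypothetical record format, not a ThingWorx export
    principal: str                # user or organization receiving the permission
    entity: str                   # entity the permission is set on
    permission: str               # permission name as written on this page
    member: str = "*"             # specific property/service/event, "*" = all

USER, ORG = "es-public-access", "es-public-access-org"

# Fixed grants the page lists under "WebSocket Connections".
WEBSOCKET = {
    Grant(USER, "EntityServices", "Visibility"),
    Grant(USER, "EntityServices", "Run Time Service Execute", "GetClientApplicationKey"),
    Grant(USER, "SDKGateway", "Visibility"),
    Grant(USER, "SDKGateway", "Visibility Instance"),
    Grant(USER, "SDKGateway", "Run Time Instance Service Execute"),
    Grant(ORG, "EntityServices", "Visibility"),
    Grant(ORG, "SDKGateway", "Visibility Instance"),
}

def required_grants(usage):
    """Expand what public experiences use into the grants the page calls for."""
    need = set(WEBSOCKET)
    for entity, use in usage.items():
        need |= {Grant(USER, entity, "Visibility"), Grant(ORG, entity, "Visibility")}
        need |= {Grant(USER, entity, "Run Time Property Read", p) for p in use.get("read", [])}
        need |= {Grant(USER, entity, "Run Time Service Execute", s) for s in use.get("execute", [])}
        if use.get("auto_refresh"):
            need.add(Grant(USER, entity, "Run Time Event Subscribe", "DataChange"))
    return need

def audit(actual, usage):
    """Return (missing, excess): grants the experiences lack, and grants beyond the list."""
    need, have = required_grants(usage), set(actual)
    return sorted(need - have), sorted(have - need)

# Constructed sample: one thing, one displayed property with auto-refresh.
SAMPLE_USAGE = {"Pump01": {"read": ["pressure"], "auto_refresh": True}}
SAMPLE_ACTUAL = WEBSOCKET | {
    Grant(USER, "Pump01", "Visibility"),
    Grant(ORG, "Pump01", "Visibility"),
    Grant(USER, "Pump01", "Run Time Property Read", "pressure"),
    Grant(USER, "Pump01", "Run Time Service Execute", "*"),  # broader than needed
}

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_ACTUAL, SAMPLE_USAGE)
    for g in missing: print("MISSING", g)
    for g in excess: print("EXCESS ", g)
```

The comparison is exact, so a wildcard grant does not satisfy a member-specific requirement and is reported as excess.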