Authentication
Overview
The data produced by Qb2 might contain sensitive or even private information. This data is protected from unauthorized access by default. Any client has to authenticate to the device in order to gain authorized access, such as viewing the point cloud or changing device configuration.
-
Username and password is required to access the web interface.
-
An application key is required to access the Qb2 API directly.
Login
For access to the Qb2 web interface, credentials in the form of username and password are required.
|
Every Qb2 has an initial account with a unique password. Refer to the guide on how to perform the initial login to learn how to access the factory-configured account. |
Initial login
If the Qb2 is in factory configuration (only one account with the default name admin exists) it will only prompt for the password.
Username prompt
The login screen will also prompt for the username if more than one account exists or the default account name has been changed.
Remember me
The Remember me toggle can be enabled before clicking on Sign in. This will create a permanent session for the current browser. The permanent session is based on a application key which will also show up in the list of keys associated to the particular account.
Account
After successful login, the web interface shows the dashboard and an account indicator on the left sidebar. The account indicator provides the logout action and can be used to access the account page.
All details of the currently authenticated account are displayed on the account page of the Qb2 web interface.
An account contains the following attributes:
Username and password
The credentials needed for using the Qb2 web interface are a username and password
The username can be changed when clicking on the value displayed on the account page. Note that no whitespace characters such as Space or Tab are allowed in the username field.
The password can be updated by filling out the fields in the Update password section of the account page.
|
If the password for an account is lost and the account can not be recovered (e.g. by doing an account reset), please contact Blickfeld customer service. |
Application key
Application keys are the credentials required for accessing the Qb2 API programmatically.
Application keys can be generated on the account page. An application key can have a optional attribute describing its purpose. Each application key grants access for a certain access level. The access level set to AUTHORIZED by default. Once created, the generated secret can be used for direct API access.
Refer to the authentication example to learn how to use an application key in your application
When an application key is deleted, clients can no longer authenticate using the key.
|
Admin accounts can create application keys with 
Figure 10. Creating ADMIN application key
The result will be an application key with 
Figure 11. Resulting ADMIN application key
|
|
To connect Qb2 to a video ONVIF compliant Video Management System (VMS) create an application key with the 
Figure 12. Creating HTTP authentication application key
The resulting key in combination with the username can be used as credentials in the VMS. 
Figure 13. Resulting HTTP application key
|
Access level
| The account access level can only be modified in the user management section. |
Each account contains an access level (AUTHORIZED or ADMIN). The functionality of Qb2 is divided into three access levels:
- PUBLIC
-
Clients with this access level are allowed to read basic device information (firmware version, serial number) and are able to login.
- AUTHORIZED
-
Clients with this access level are allowed to modify their own account (e.g. change the account password, create application keys), use all other device functionalities (zone configuration, scan pattern, flow etc.) and can do everything allowed with
PUBLICaccess level. - ADMIN
-
Clients with this access level are allowed to modify or create other user accounts (see user management) and can do everything allowed with
AUTHORIZEDaccess level.
Read only mode
| The account read only mode can only be modified in the user management section. |
In addition to the access level there is a READ_ONLY flag. When this flag is set, only functionality that does not change any configuration can be accessed. This can be used, for example, to only visualize the current data being produced by Qb2 and ensure that no changes are accidentally made to the general measurement setup.
State
| The account state can only be manually modified in the user management section. |
The state attribute reflects the lifecycle of an account. The default value for a usable account is ACTIVE and can be set to one of the following values:
- ACTIVE
-
The account is enabled and can be used for authentication.
- WAITING_FOR_ACTIVATION
-
The account has just been created or was reset. A new password has to be set during login for account activation.
- BLOCKED
-
The account has been manually blocked and can not be used for authentication. A manual state change to
ACTIVEby an admin account is required to unblock this account.
The Qb2 web interface prompts the user to set a new password during the initial login in case the account needs to be activated after it has been created or reset.
