Abusing the Internet of Things

(Rick Simeone) #1

card, which in turn allows anyone with access to the product to analyze the system in real
time. The solution here is not to impose obscurity in order to disallow such tampering, but to
further protect the product from a remote vulnerability in the web server or other services that
can lead to compromise of not just the doorbell, but also other important IoT devices (such as
lighting and door locks) that may share the local network.


One Token to Rule them All


Once the cloudBit is configured, you can browse to http://control.littlebitscloud.cc and click on
Settings to get the value of the DeviceID and the AccessToken that are assigned to your
cloudBit (Figure 7-22).


FIGURE 7-22. Obtaining the AccessToken assigned to the cloudBit


The AccessToken can be used to interact with the cloudBit remotely. For example, the link
in the form of
https://api-http.littlebitscloud.cc/devices/DeviceID/input?access_token=AccessToken&token_type=bearer
displays the status of the cloudBit. This resource uses the cloudBit API
to query the status of the cloudBit every second. The first sequence of output shown in
Figure 7-23 lists the value of percent as 100 because the button attached to the cloudBit was
pressed, causing positive input to be sent to the cloudBit. The second sequence lists the value
as 0, indicating that the button is not being pressed anymore.
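
Because the link form above carries the AccessToken in the query string, any proxy or web log that records full URLs also records the token. The following is an added example, not code from the book or from littleBits: it redacts access_token from logged URLs and lists the device IDs whose token was exposed. The log line layout, timestamps, and placeholder IDs and tokens are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample proxy log lines (not captured traffic).
# DEVICE_ID_PLACEHOLDER and TOKEN_PLACEHOLDER stand in for real values.
SAMPLE_LOG = """\
2015-01-01T10:00:00Z GET https://api-http.littlebitscloud.cc/devices/DEVICE_ID_PLACEHOLDER/input?access_token=TOKEN_PLACEHOLDER&token_type=bearer 200
2015-01-01T10:00:05Z GET https://example.com/index.html?page=2 200
2015-01-01T10:00:09Z GET https://api-http.littlebitscloud.cc/devices/DEVICE_ID_PLACEHOLDER/input 200
"""

URL_RE = re.compile(r"https?://\S+")
SENSITIVE = {"access_token"}  # query parameters treated as credentials

def redact_url(url):
    """Return (redacted_url, leaked); leaked is True if a credential was in the query."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = any(k.lower() in SENSITIVE for k, _ in pairs)
    clean = [(k, "REDACTED" if k.lower() in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(clean))), leaked

def device_id(url):
    """Extract the DeviceID path segment from a /devices/<id>/... URL, if present."""
    m = re.search(r"/devices/([^/?]+)", urlsplit(url).path)
    return m.group(1) if m else None

def scan(log_text):
    """Redact every URL in the log and collect device IDs whose token appeared in a URL."""
    exposed, out = set(), []
    for line in log_text.splitlines():
        def repl(m):
            redacted, leaked = redact_url(m.group(0))
            if leaked:
                exposed.add(device_id(m.group(0)) or "unknown")
            return redacted
        out.append(URL_RE.sub(repl, line))
    return out, sorted(exposed)

if __name__ == "__main__":
    lines, exposed = scan(SAMPLE_LOG)
    print("\n".join(lines))
    print("devices whose token appeared in a logged URL:", exposed)
```
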


210 CHAPTER 7: SECURE PROTOTYPING—LITTLEBITS AND CLOUDBIT