This is a password-protected API. It is the only way to create or delete a new tag and view its secretkey. Capture data can be added manually (without decoding a cuplURL).
cuplbackend stores data from multiple cuplTags. Each is identified by an 8-character serial string.
Data captured from a tag are authenticated with an HMAC. This prevents the database from being filled with bad data. The HMAC is derived from a secret key of 16 random characters.
The serial and secret key can either be supplied to the create tag endpoint or generated automatically. Both are stored in cuplbackend and written to a cuplTag at production time.
The API includes a simulate endpoint, which wraps around the encoder part of cuplcodec. It sets up a virtual tag and feeds its sensors with a sinusoidal data stream. This makes it easy to test the backend. There is no need to pick up a phone to scan a physical cuplTag.
All endpoints on the cuplbackend AdminAPI require a bearer token. This is yielded by the obtain token endpoint upon receiving a valid CLIENT_ID and CLIENT_SECRET. Both are environment variables and the latter must be supplied for cuplbackend to run.