Problem with user credentialed apis and Tidbyt?

If I understand it correctly, since the official apps run on the Tidbyt servers they can’t authenticate with external apis that require an individual users credentials (eg. a users portfolio value on an investing site). If the user could input their credentials during setup that might work but then they must be transmitted and/or stored somewhere that might not be very secure or easily updatable. I guess it’s the age old issue of dumb terminal vs heavy weight workstation. Is there any plan to eliminate the server requirement for certain uses of the Tidbyt ? For example a dedicated weather Tidbyt that would access and parse json directly from a datasource api on a certain schedule. Something would continue to function even if the Tidbyt backend infrastructure was to go down ?

Hey @Tavis_Gustafson,

I’m so sorry for not replying sooner. I missed this one. =(

There are a couple of apps available right now that depend on authentication with an external service, e.g. Twitter, Spotify, and Google (Calendar). As you point out, the catch there is that credentials do have to be passed around. For apps developed by us at Tidbyt that’s not too difficult to manage, but when it comes to 3rd party apps, things get tricky. What I can say for sure is that under no circumstances will we build this in a way that risks having our users unknowingly submit their credentials to untrusted parties.

We’ve gotten several requests for ways of utilizing Tidbyts without depending on our backend, and we will definitely release some form of firmware SDK to enable completely custom use cases like what you describe. Not 100% what it’ll look like in practice yet, but the devices already come with an unlocked bootloader to make sure there’s no lock-in to the Tidbyt platform.