|
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
|
| Volume 187 - Issue 120 |
| Published: June 2026 |
| Authors: Chinonso Job, Festus Chijioke Onwe |
10.5120/ijca41c0737a5766
|
Chinonso Job, Festus Chijioke Onwe . Architecture and Security of a Flask-based IoT Environmental Telemetry API with JWT Authentication and a Django eCommerce Platform for Climate Resilience Applications. International Journal of Computer Applications. 187, 120 (June 2026), 41-46. DOI=10.5120/ijca41c0737a5766
@article{ 10.5120/ijca41c0737a5766,
author = { Chinonso Job,Festus Chijioke Onwe },
title = { Architecture and Security of a Flask-based IoT Environmental Telemetry API with JWT Authentication and a Django eCommerce Platform for Climate Resilience Applications },
journal = { International Journal of Computer Applications },
year = { 2026 },
volume = { 187 },
number = { 120 },
pages = { 41-46 },
doi = { 10.5120/ijca41c0737a5766 },
publisher = { Foundation of Computer Science (FCS), NY, USA }
}
%0 Journal Article
%D 2026
%A Chinonso Job
%A Festus Chijioke Onwe
%T Architecture and Security of a Flask-based IoT Environmental Telemetry API with JWT Authentication and a Django eCommerce Platform for Climate Resilience Applications%T
%J International Journal of Computer Applications
%V 187
%N 120
%P 41-46
%R 10.5120/ijca41c0737a5766
%I Foundation of Computer Science (FCS), NY, USA
The intersection of IoT environmental monitoring and web-based commercial platforms presents distinct software architecture challenges, including real-time data ingestion, secure multi-user access control, and scalable subscription management. This paper presents the architecture, implementation, and security evaluation of two integrated software artefacts developed for BlueWave Solutions, a climate-tech company deploying solar-powered IoT desalination buoys: a Flask-based RESTful API that ingests, stores, and serves real-time environmental telemetry (salinity, pH, pollutant concentration) secured with JSON Web Token (JWT) authentication, and a Django-based eCommerce platform supporting desalination-unit sales and data-subscription management, integrated with the API through a shared JWT issuance mechanism. Beyond the original architecture specification, this revised version substantially extends the analysis: it adds a STRIDE-based threat-category mapping, a full database schema with explicit 3NF justification per entity, an expanded security-test breakdown disaggregated by attack vector, and a structured comparison against three recently published IoT-microservice security architectures. Testing results from Pytest unit tests and Postman integration tests, comprising 22 functional test cases and 34 security-specific assertions across four attack-vector categories, are reported and discussed in detail, all achieving a 100% pass rate. The system is deployed on AWS EC2 with MySQL RDS, and the paper concludes with an elaborated discussion of future scope, including JWT refresh-token rotation, managed-secrets migration, and load-balancer-enforced HTTPS.