Research Article

Architecture and Security of a Flask-based IoT Environmental Telemetry API with JWT Authentication and a Django eCommerce Platform for Climate Resilience Applications

by  Chinonso Job, Festus Chijioke Onwe
journal cover
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Issue 120
Published: June 2026
Authors: Chinonso Job, Festus Chijioke Onwe
10.5120/ijca41c0737a5766
PDF

Chinonso Job, Festus Chijioke Onwe . Architecture and Security of a Flask-based IoT Environmental Telemetry API with JWT Authentication and a Django eCommerce Platform for Climate Resilience Applications. International Journal of Computer Applications. 187, 120 (June 2026), 41-46. DOI=10.5120/ijca41c0737a5766

                        @article{ 10.5120/ijca41c0737a5766,
                        author  = { Chinonso Job,Festus Chijioke Onwe },
                        title   = { Architecture and Security of a Flask-based IoT Environmental Telemetry API with JWT Authentication and a Django eCommerce Platform for Climate Resilience Applications },
                        journal = { International Journal of Computer Applications },
                        year    = { 2026 },
                        volume  = { 187 },
                        number  = { 120 },
                        pages   = { 41-46 },
                        doi     = { 10.5120/ijca41c0737a5766 },
                        publisher = { Foundation of Computer Science (FCS), NY, USA }
                        }
                        %0 Journal Article
                        %D 2026
                        %A Chinonso Job
                        %A Festus Chijioke Onwe
                        %T Architecture and Security of a Flask-based IoT Environmental Telemetry API with JWT Authentication and a Django eCommerce Platform for Climate Resilience Applications%T 
                        %J International Journal of Computer Applications
                        %V 187
                        %N 120
                        %P 41-46
                        %R 10.5120/ijca41c0737a5766
                        %I Foundation of Computer Science (FCS), NY, USA
Abstract

The intersection of IoT environmental monitoring and web-based commercial platforms presents distinct software architecture challenges, including real-time data ingestion, secure multi-user access control, and scalable subscription management. This paper presents the architecture, implementation, and security evaluation of two integrated software artefacts developed for BlueWave Solutions, a climate-tech company deploying solar-powered IoT desalination buoys: a Flask-based RESTful API that ingests, stores, and serves real-time environmental telemetry (salinity, pH, pollutant concentration) secured with JSON Web Token (JWT) authentication, and a Django-based eCommerce platform supporting desalination-unit sales and data-subscription management, integrated with the API through a shared JWT issuance mechanism. Beyond the original architecture specification, this revised version substantially extends the analysis: it adds a STRIDE-based threat-category mapping, a full database schema with explicit 3NF justification per entity, an expanded security-test breakdown disaggregated by attack vector, and a structured comparison against three recently published IoT-microservice security architectures. Testing results from Pytest unit tests and Postman integration tests, comprising 22 functional test cases and 34 security-specific assertions across four attack-vector categories, are reported and discussed in detail, all achieving a 100% pass rate. The system is deployed on AWS EC2 with MySQL RDS, and the paper concludes with an elaborated discussion of future scope, including JWT refresh-token rotation, managed-secrets migration, and load-balancer-enforced HTTPS.

References
  • I. Sommerville, Software Engineering, 10th ed. Boston: Pearson, 2016.
  • R. Elmasri and S. B. Navathe, Fundamentals of Database Systems, 7th ed. Boston: Pearson, 2016.
  • K. Beck, Test-Driven Development: By Example. Boston: Addison-Wesley, 2003.
  • K. Schwaber and J. Sutherland, The Scrum Guide, 2020. [Online]. Available: https://scrumguides.org/
  • G. Booch, J. Rumbaugh, and I. Jacobson, The Unified Modeling Language User Guide, 2nd ed. Boston: Addison-Wesley, 2005.
  • M. Cohn, User Stories Applied. Boston: Addison-Wesley, 2004.
  • S. W. Ambler, Agile Modeling. New York: Wiley, 2002.
  • K. S. Rubin, Essential Scrum. Boston: Addison-Wesley, 2012.
  • M. Jones, J. Bradley, and N. Sakimura, "JSON Web Token (JWT)," RFC 7519, Internet Engineering Task Force, May 2015.
  • A. Shostack, Threat Modeling: Designing for Security. Indianapolis: Wiley, 2014.
  • D. Hardt, Ed., "The OAuth 2.0 Authorization Framework," RFC 6749, Internet Engineering Task Force, Oct. 2012.
  • R. T. Fielding, "Architectural Styles and the Design of Network-based Software Architectures," Ph.D. dissertation, Univ. of California, Irvine, 2000.
  • P. K. Gkonis et al., "Relevant Cybersecurity Aspects of IoT Microservices Architectures Deployed over Next-Generation Mobile Networks," Sensors, vol. 23, no. 6, 3037, 2023, doi: 10.3390/s23063037.
  • A. Bhattacharjya et al., "Migrating from Microservices to Serverless: An IoT Platform Case Study," arXiv preprint arXiv:2210.04212, 2022.
  • M. Waseem et al., "Exploring the Potential of Microservices in Internet of Things: A Systematic Review of Security and Prospects," J. Syst. Softw., 2024.
Index Terms
Computer Science
Information Sciences
No index terms available.
Keywords

Flask API Django IoT JWT authentication REST API environmental telemetry OpenAPI Swagger eCommerce AWS security climate technology STRIDE threat modelling

Powered by PhDFocusTM