Exos Connection

Exos Connection provides secure authentication for connecting mobile devices to ShipEdge using QR code scanning. Generate a secure connection code displayed as a QR code, scan it with the Exos mobile app, and establish a secure connection without entering passwords.

Why Use Exos Connection?

Secure Authentication

Connect mobile devices securely without entering passwords. QR code authentication provides a safe way to link devices to your account.

Easy Setup

Scan a QR code to connect your device quickly. No need to remember or type complex credentials on mobile devices.

Time-Limited Codes

Connection codes expire after 5 minutes for security. Each code is unique and can only be used once.

Device Management

Track which devices are connected to your account. Only one device can be connected per user at a time.

How to Connect Your Device

Access Exos Connection

Go to My Account → Account Overview → Exos Connection or access secure_exos_connection.php directly.
Wait for QR Code

The page checks your connection status every 5 seconds. If no device is connected, a QR code will appear with a connection code.
Open Exos App

Open the Exos mobile app on your device. Navigate to the login or connection screen.
Scan QR Code

Use the Exos app to scan the QR code displayed on the Secure Exos Connection page.
Complete Connection

The app verifies the code and establishes a secure connection. The QR code disappears and shows “Associated device” message.

Understanding Exos Connection

Connection Process

QR Code Generation

A unique authentication code is generated for your user account
Code is displayed as a QR code and as text below the QR code
Code expires 5 minutes after generation
Code can only be used once

Connection States

No Code Available

Message: “Request secure code from ExosApp.”
QR code is hidden
You need to request a code from the Exos app first

Code Available (Not Connected)

QR code is displayed with the authentication code
Code text is shown below the QR code
Ready to be scanned by the Exos app
Code expires in 5 minutes

Device Connected

Message: “Associated device.”
QR code is hidden
Device is successfully connected and authenticated
Hash token is stored for ongoing authentication

Authentication Flow

Step 1: Code Request

User logs into Exos app with username and password
App requests a connection code from the server
Server generates a unique code (7 characters, alphanumeric)
Code is stored in AuthentFactor table with expiration date

Step 2: QR Code Display

Secure Exos Connection page checks for available codes
If code exists and device is not connected, QR code is displayed
Code refreshes automatically every 5 seconds

Step 3: Code Verification

User scans QR code with Exos app
App sends code to server for verification
Server validates code and expiration time
If valid, server generates JWT hash token
Hash is stored in AuthentFactor table
Code is cleared after successful connection

Step 4: Ongoing Authentication

Device uses hash token for API requests
Token remains valid until device disconnects
Only one device can be connected per user at a time

Security Features

Time-Limited Codes

Codes expire after 5 minutes
Expired codes cannot be used
New codes must be requested if expired

One-Time Use

Each code can only be used once
Code is cleared after successful connection
Prevents code reuse or replay attacks

Single Device Connection

Only one device can be connected per user
If another device tries to connect, error: “Another device is already connected”
Previous device must disconnect first

Automatic Refresh

Page checks connection status every 5 seconds
QR code updates automatically when code changes
Status messages update in real-time

Connection Status Messages

”Request secure code from ExosApp.”

Meaning: No authentication code is available
Action: Log into Exos app first to request a connection code
Next Step: After logging into the app, return to this page to see the QR code

QR Code Displayed

Meaning: Authentication code is available and ready to scan
Action: Scan the QR code with your Exos app
Time Limit: Code expires in 5 minutes

”Associated device.”

Meaning: Device is successfully connected and authenticated
Action: No action needed - device is ready to use
Status: Device can now make API requests using the hash token

Troubleshooting

QR Code Not Appearing

Problem: Page shows “Request secure code from ExosApp.” but no QR code

Solution:
1. Make sure you’ve logged into the Exos app first
2. The app must request a connection code from the server
3. Wait a few seconds for the page to refresh (auto-refreshes every 5 seconds)
4. Try refreshing the page manually

Code Expired

Problem: QR code disappears or shows expired message

Solution:
1. Codes expire after 5 minutes
2. Log into Exos app again to request a new code
3. Return to Secure Exos Connection page
4. New QR code will appear automatically

”Another device is already connected”

Problem: Error message when trying to connect

Solution:
1. Only one device can be connected per user at a time
2. Disconnect the previous device from Exos app
3. Or wait for the previous connection to timeout
4. Then try connecting again

QR Code Not Scanning

Problem: Exos app cannot scan the QR code

Solution:
1. Make sure QR code is fully visible on screen
2. Check that code hasn’t expired (5 minute limit)
3. Try manually entering the code text shown below QR code
4. Ensure good lighting and camera focus
5. Try refreshing the page to get a new code

Connection Lost

Problem: Device was connected but connection is lost

Solution:
1. Connection may timeout after inactivity
2. Return to Secure Exos Connection page
3. If code is available, scan QR code again
4. If no code, log into Exos app to request new code

Page Not Updating

Problem: Status doesn’t update automatically

Solution:
1. Page auto-refreshes every 5 seconds
2. Wait a few seconds for next refresh
3. Try manually refreshing the browser page
4. Check browser console for JavaScript errors
5. Ensure JavaScript is enabled in browser

Best Practices

Scan Quickly

Scan the QR code within 5 minutes before it expires. Codes are time-limited for security.

One Device at a Time

Only connect one device per user account. Disconnect previous devices before connecting new ones.

Keep Page Open

Keep the Secure Exos Connection page open while scanning. The page auto-updates every 5 seconds.

Secure Environment

Scan QR codes in a secure environment. Don’t share QR codes or connection codes with others.

Technical Details

Authentication Code Format

Length: 7 characters
Format: Alphanumeric (letters and numbers)
Generation: Random string and number combination
Storage: AuthentFactor.authent_code field
Expiration: 5 minutes from generation

Hash Token Format

Type: JWT (JSON Web Token)
Algorithm: HS256
Contents: User ID and random value
Storage: AuthentFactor.hash field
Usage: API authentication for Exos app requests

Database Table: AuthentFactor

user_id: User account ID
device_id: Mobile device identifier
authent_code: Temporary connection code (7 chars)
exp_date: Code expiration date/time
hash: JWT token for authenticated sessions
updatetime: Last update timestamp

API Endpoints

Login: /api/v2/exos/login - Request connection code
Verify Code: /api/v2/exos/verify-code - Verify QR code and get hash
Status Check: secure_exos_connection.php - Check connection status

Next Steps:

Account Overview - Access all account management features
Preferences - Configure account settings