[OT]Sending push notifications from lwip electronic device to mobile devices

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[OT]Sending push notifications from lwip electronic device to mobile devices

Giuseppe Modugno
It isn't strictly related to lwip. I'm sorry for that, but I couldn't
find useful info out there.

I have an embedded device running lwip and an Ethernet interface. The
device is connected to Internet. I need to send push notifications to a
group of mobile devices associated with that embedded device.
Device1 sends push notifications to mobile devices A, B and C.
Device2 sends push notifications to mobile devices D, E and F.
...and so on

I can use Google Firebase Cloud Messaging[1] (FCM) service, that it
seems completely free. For what I've seen, the embedded device can sends
a notification by implementing an "app server"[2] (using FCM naming
scheme). This app server will be able to send push notifications (to one
device or to a group of devices) by contacting FCM server through three
protocols: FCM HTTP v1 API, Legacy HTTP protocol and Legacy XMPP protocol.

I have tried to understand Legacy HTTP protocol[3].
First of all I couldn't understand if I can use normal HTTP, instead of
the more complex HTTPs.
The second question is how to manage server key. The device
authenticates itself to FCM server by a "server key", specified in HTTP
headers. One or more server keys can be added in the Firebase Console
page of the Project.
I think I can't have a different server key for each device, it will be
unmanageable. Every time I deliver a device, a new associated server key
should be added. If I have 1000 devices, I will have 1000 server keys. I
don't think it works this way.
Most probably I have a single server key for all devices. However, in
this case there's a problem with security. If the HTTP traffic is
sniffed from my device, the server key is readable and usable by others.
And all my devices, that share the same server key, will be broken in a
time.

Maybe the solution to this problem is HTTPS that hides the data in the
traffic.


[1] https://firebase.google.com/products/cloud-messaging/
[2] https://firebase.google.com/docs/cloud-messaging/server
[3] https://firebase.google.com/docs/cloud-messaging/http-server-ref


_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users