Securely Communicating with Server

Hello All,

I am creating a project that uploads data to a remote server that I own and operate. Right now I am creating a simple TCP connection in order to accomplish this. However, this is not a secure implementation at all. I wanted to be able to use HTTPS and some kind of token-based authentication method. Is there any library out there that would accomplish this, or would I have to roll my own?

Or could I somehow do this through Particle’s services?

Thanks for any advice.

There are numerous solutions. A few:

  1. The Glowfish SSL client. It’s kind of big, but it seems to work. That will allow you to make SSL connections directly from your Particle device.
    HTTPS client is here for the Photon! - by the glowfi.sh Team

  2. Webhooks. If your data uploads fit into the time/size constraints of event publishing, you can use a web hook to simply Particle.publish from your code and have the web hook convert it into an SSL request to your server. (The data communication between your device and the cloud is also encrypted.)
    https://docs.particle.io/guide/tools-and-features/webhooks/

  3. A custom hybrid solution. Since you control your own server, you have more options. You might have the Particle device send a private publish event that it wants to connect. Your server subscribes to Particle events and receives this, then sends an event or Particle function back with, say, an AES session key you use to encrypt data with the regular TCPClient. This is much simpler than the whole TLS stack because it leverages the public key and session encryption built into the Particle cloud support.

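The custom hybrid option (3) in the reply above, sketched from the server's side as an added example that is not part of the original post. It assumes Node.js, AES-128-GCM (so frames are authenticated as well as encrypted), a counter-based nonce and a frame layout chosen here; `newSession`, `sealFrame` and `openFrame` are hypothetical names, and the device would implement `sealFrame` in its firmware.

```javascript
// Added example, not from the thread. Assumed frame layout on the TCP stream:
//   counter (8 bytes, big-endian) | AES-128-GCM ciphertext | tag (16 bytes)
const crypto = require("node:crypto");

// Fresh random key per session. The server would return it to the device through
// a Particle function call or private event (that delivery is not shown here).
function newSession() {
  return { key: crypto.randomBytes(16), lastCounter: -1n };
}

// 96-bit GCM nonce built from the counter, so no nonce repeats under one key.
function nonceFor(counter) {
  const nonce = Buffer.alloc(12);
  nonce.writeBigUInt64BE(counter, 4);
  return nonce;
}

// Device side, written in JS only so the example runs end to end.
function sealFrame(key, counter, deviceId, plaintext) {
  const header = Buffer.alloc(8);
  header.writeBigUInt64BE(counter);
  const cipher = crypto.createCipheriv("aes-128-gcm", key, nonceFor(counter));
  cipher.setAAD(Buffer.concat([Buffer.from(deviceId), header])); // bind frame to device
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([header, body, cipher.getAuthTag()]);
}

// Server side: returns the plaintext Buffer, or null when the frame is rejected.
function openFrame(session, deviceId, frame) {
  if (frame.length < 8 + 16) return null; // too short to hold counter and tag
  const header = frame.subarray(0, 8);
  const counter = header.readBigUInt64BE();
  if (counter <= session.lastCounter) return null; // replayed or stale frame
  const decipher = crypto.createDecipheriv(
    "aes-128-gcm", session.key, nonceFor(counter), { authTagLength: 16 });
  decipher.setAAD(Buffer.concat([Buffer.from(deviceId), header]));
  decipher.setAuthTag(frame.subarray(frame.length - 16));
  try {
    const body = frame.subarray(8, frame.length - 16);
    const plain = Buffer.concat([decipher.update(body), decipher.final()]);
    session.lastCounter = counter; // advance only after the tag verifies
    return plain;
  } catch {
    return null; // tag mismatch: tampered frame, wrong key or wrong device
  }
}
```

The session key should be discarded when the TCP connection closes, so that each connection request through the Particle cloud yields a new key and a counter that restarts at zero.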

I like the webhooks. I previously thought they were only good for receiving data from web services. I didn’t know I could post data to them as well. What would be the best way to secure the endpoint that is receiving the data? I wanted the user to be able to use a mobile app to set up the device and register it to their account. So, I was thinking some kind of token-based authentication, but I am not sure what kind of value to use. (I want to avoid the use of a master key to sign all of the devices with.)

I’d take a look at this link. If you can leverage the Particle authentication infrastructure you can save yourself a lot of work. It’s pretty flexible and there are a number of options.
https://docs.particle.io/guide/how-to-build-a-product/authentication/


Would the communication between my server and the Particle services occur on the back end (Java, C#, Node, etc.) or would we use a JavaScript library on the web app? I would prefer that the back-end server be able to communicate with Particle’s services.

Either. I connect using Java on the back-end using my own code. The Particle cloud API is really quite simple and well documented so you can use it from anything.
https://docs.particle.io/reference/api/

The Particle API JS works both in node.js on the back-end and in a browser.
https://docs.particle.io/reference/javascript/

What about sending authentication information to my service through the web-hook? I was thinking of sending back the access token, but I don’t think I have access to it? These are the options I am seeing:

SPARK_EVENT_NAME
SPARK_EVENT_VALUE
SPARK_PUBLISHED_AT
SPARK_CORE_ID