I’m trying out webhook integrations for the first time to hook some event data from a Boron over to AWS IoT Core. I’ve used AWS IoT Core in the past over an MQTTS connection, which was pretty straightforward (not on the Particle ecosystem). Since I’m using a Boron here, it looks like Webhooks are the way to get this done. I see basic authorization on the Webhooks but I don’t see any support for TLS. Also, I think the forum is getting so huge here it’s hard to find information.
Can someone point me in the right direction to create a webhook to post data using root, client cert, and private keys? I know the endpoint and all the other information.
There is no way to set a custom TLS client certificate or root certificate when using a webhook.
You’d need to use an intermediate server (webhook or server-sent-events, SSE) either as a full server or a microservice (Amazon Lambda Function or Google Cloud Function, for example), that is able to include your certificates.
Thanks @rickkas7. However, doesn’t that sort of nullify the security of TLS? I’m just really surprised there is no way to establish a TLS connection from Particle’s server to another server. It seems the resources would certainly be there to support that. What gives? Is this just something that has not been implemented yet?
We are trying to develop a line of Cellular connected sensors that are compatible with AWS IoT. AWS will need to certify the product but I believe this insecure connection to a secondary server would be frowned upon in that certification process.
With SSE, your server makes an outgoing connection to the Particle cloud over TLS/SSL, authenticated with a Particle auth token, and keeps the connection open. This is secure. Since you have control over this server, you could use TLS client certificates and custom certificate roots, if desired, to securely access other servers.
There hasn’t been any demand for TLS client certificates in webhooks and it is not in the current feature roadmap.
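An added example, not part of the thread and not Particle or AWS code, of the SSE relay described above: it reads the Particle event stream over TLS with a bearer token and republishes each event to the AWS IoT Core HTTPS publish endpoint (port 8443) using a client certificate. Assumptions: the `particle/<coreid>/<event>` topic layout, the function names, and the certificate file paths passed to `bridge` are hypothetical.

```python
import http.client, json, re, ssl
from urllib.parse import quote

def parse_sse(lines):
    """Yield (event_name, payload_dict) from an iterable of SSE text lines."""
    event, data = None, []
    for raw in lines:                     # ':' comment lines such as ':ok' match no branch
        line = raw.rstrip("\r\n")
        if line == "":                    # a blank line ends one event
            if event and data:
                yield event, json.loads("\n".join(data))
            event, data = None, []
        elif line.startswith("event:"):
            event = line[6:].strip()
        elif line.startswith("data:"):
            data.append(line[5:].strip())

def publish_request(event, payload, root="particle"):
    """Map one Particle event to (path, body) for the AWS IoT HTTPS publish API."""
    if not re.fullmatch(r"[A-Za-z0-9_./-]{1,64}", event):  # no MQTT wildcards from device input
        raise ValueError(f"unsafe event name: {event!r}")
    topic = f"{root}/{payload['coreid']}/{event}"          # assumed topic layout
    body = json.dumps({"data": payload["data"], "published_at": payload["published_at"]})
    return "/topics/" + quote(topic, safe="") + "?qos=1", body

def mtls_context(ca_file, cert_file, key_file):
    """Trust only ca_file for the server and present our client certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)
    return ctx

def bridge(token, iot_host, ca_file, cert_file, key_file):
    ctx = mtls_context(ca_file, cert_file, key_file)
    particle = http.client.HTTPSConnection("api.particle.io")  # verified with system CAs
    particle.request("GET", "/v1/devices/events", headers={"Authorization": f"Bearer {token}"})
    resp = particle.getresponse()
    if resp.status != 200:
        raise RuntimeError(f"event stream refused: HTTP {resp.status}")
    for event, payload in parse_sse(l.decode("utf-8") for l in resp):
        try:
            path, body = publish_request(event, payload)
        except (ValueError, KeyError):
            continue                      # drop events we will not forward
        aws = http.client.HTTPSConnection(iot_host, 8443, context=ctx)
        aws.request("POST", path, body, {"Content-Type": "application/json"})
        aws.getresponse().read()
        aws.close()
```

Call `bridge()` with the Particle token and AWS IoT data endpoint taken from the environment or a secrets store rather than from source, and keep the private key file readable only by the relay's service account.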