Which is the better architectural approach to update MQTT based sensors status in a website/mobile app?


Javier Destefanis

Mar 16, 2020, 9:43:15 AM
Hello everyone!

I'm building an IoT product for selling, from scratch, no company behind me; therefore, I'm doing it all by myself, and from time to time I have some questions which sometimes take too long to answer.
Mostly this happens because I'm gonna sell the product, so I'm trying to solve all those issues by implementing the safest/accurate solution I can find. (Thanks for reading so far! - I needed to add some context).

This product prototype, built on an Arduino, communicates with an MQTT Mosca server. This is still insecure (I haven't replaced the credentials with CA certs yet). On the other hand, I have a webapp (I haven't built the mobile app yet) where users will be able to log in after creating their profile by registering themselves. When they are in, they will be able to see the discovered devices (my product).

My challenge in here is, how to keep the client (website) connected to the MQTT Mosca server to get it updated with event changes from my product or, publish events from the website (by a button pressed) to the arduino to tell him "do this"?
Maybe my question is idiotic, sorry in advance. I thought of implementing something like Paho JS with websockets and adding those libraries to the website (client side), but I still don't know how to avoid exposing sensitive data like MQTT credentials or certificates.
On the other hand, same question for a mobile app, which is the best or unique approach to connect the mobile app with MQTT and get the same results?

I hope I could explain myself correctly on what I'm looking for.

Thank you very much!

Dustin Sallings

Mar 16, 2020, 11:07:44 AM
to mq...@googlegroups.com
Your question isn't really related to mqtt, but most brokers support authentication, authorization, and access control.  You don't use the same credentials for both the iot device and the user. You just decide which end uses which credentials, what they need to communicate, and let only that happen.  How is broker-specific, but the concept is the same. It's just like how you'd limit access to a database or any other resource.
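
The separation described in the reply above, as an added example that is not part of the original thread or of any broker's code: devices and users authenticate as different principals, and each is limited to the topics it needs, including rejection of wildcard subscriptions that would reach other users' devices. The topic layout, principal objects and function names are assumptions; the `isAllowed` decision is what a broker's publish and subscribe authorization hooks would return.

```javascript
// Added example. Topic layout (devices/<id>/state, devices/<id>/cmd), the
// principal objects and all function names are assumptions for illustration.
const SAFE_ID = /^[A-Za-z0-9_-]+$/; // ids must not contain '/', '+' or '#'

// True if every topic matched by `requested` is also matched by `allowed`.
// A concrete topic name is simply a filter without wildcards.
function filterCovers(allowed, requested) {
  const a = allowed.split('/');
  const r = requested.split('/');
  for (let i = 0; i < a.length; i++) {
    if (a[i] === '#') return true;   // multi-level wildcard covers the rest
    if (i >= r.length) return false; // requested ends before the rule does
    if (r[i] === '#') return false;  // requested is broader than the rule
    if (a[i] === '+') continue;      // any single level fits
    if (a[i] !== r[i]) return false; // literal mismatch, or requested is '+'
  }
  return a.length === r.length;
}

// Devices and users get different rules; neither can act as the other.
function aclFor(p) {
  const raw = p.kind === 'device' ? [p.id] : p.devices || [];
  const ids = raw.filter(id => typeof id === 'string' && SAFE_ID.test(id));
  const state = ids.map(id => `devices/${id}/state`);
  const cmd = ids.map(id => `devices/${id}/cmd`);
  if (p.kind === 'device') return { publish: state, subscribe: cmd };
  if (p.kind === 'user') return { publish: cmd, subscribe: state };
  return { publish: [], subscribe: [] };
}

// Decision a broker's publish/subscribe authorization hook would return.
function isAllowed(p, action, topic) {
  if (action !== 'publish' && action !== 'subscribe') return false;
  if (action === 'publish' && /[+#]/.test(topic)) return false; // names carry no wildcards
  return aclFor(p)[action].some(rule => filterCovers(rule, topic));
}

// Constructed principals: one sensor, and one logged-in user who owns it.
const sensor = { kind: 'device', id: 'dev-001' };
const alice = { kind: 'user', id: 'alice', devices: ['dev-001'] };

console.log(isAllowed(alice, 'subscribe', 'devices/dev-001/state'));
console.log(isAllowed(alice, 'subscribe', 'devices/+/state'));
console.log(isAllowed(alice, 'publish', 'devices/dev-002/cmd'));
console.log(isAllowed(sensor, 'publish', 'devices/dev-001/cmd'));
```

The web or mobile client connects with the user's own credentials, so nothing belonging to the device has to be shipped to the browser.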
