I'm building an IoT product to sell, from scratch, with no company behind me; therefore, I'm doing it all by myself, and from time to time I have some questions which sometimes take too long to answer.
Mostly this happens because I'm gonna sell the product, so I'm trying to solve all those issues by implementing the safest/most accurate solution I can find. (Thanks for reading so far! I needed to add some context.)
This product prototype, built on an Arduino, communicates with an MQTT Mosca server. This is still insecure (I haven't replaced the credentials with CA certs yet). On the other hand, I have a web app (I haven't built the mobile app yet) where users will be able to log in after creating their profile by registering themselves. Once they are in, they will be able to see the discovered devices (my product).
My challenge here is: how do I keep the client (website) connected to the MQTT Mosca server so it gets updated with event changes from my product, or publish events from the website (on a button press) to the Arduino to tell it "do this"?
Maybe my question is idiotic, sorry in advance. I thought of implementing something like Paho JS with WebSockets and adding those libraries to the website (client side), but I still don't know how to avoid exposing sensitive data like MQTT credentials or certificates.
On the other hand, the same question applies to a mobile app: which is the best or only approach to connect the mobile app to MQTT and get the same results?
I hope I have explained correctly what I'm looking for.
Thank you very much!