I’ve been using the SDK and REST API for some time with good success. However, I’ve started investigating the Socket API which is really easy to get up and going, and I understand its attraction when you can’t use the API (unsupported hardware) and need a low-bandwidth solution.
I’m about to start trying to get it working using SSL encryption, and wondered whether this is even possible? That is, does the Hologram Socket API support encrypted use (the information page is silent on this aspect)?
It may be that to do so would increase bandwidth way too much, but the original question remains.
If your key is compromised the game is over for your application. However, I do note the good suggestion at the following link suggesting how the key can be changed on the fly by SMS’ing a new one to the device.
I’ll reply to my own post here. It’s a bit of a voyage of self-discovery regarding how to use the Socket API in a secure manner, with not a lot of information on this aspect on these forums.
As far as I can see, using SSL with the Socket API is counterproductive - I’m not sure if it can be done, but it is somewhat pointless since it involves a large traffic overhead. Better to use the Socket API unencrypted, as it does support a number of password authentication schemes, using different data available to the device (but not a hacker). The default being Time-based One Time Password (TOTP).
All very well if you are using the SDK, but the SDK supports a limited range of mostly outdated hardware. Seems you have to reverse engineer the SDK files to figure out how to access the Socket API in a secure manner. It’s a real shame that Hologram aren’t more forthcoming with how to use this.