burpy
May 10, 2019, 10:11am
1
I would be happy if you would allow https (not only http) in a callback URL in the Bridge HTTP-API.
In my case the server that is receiving the callback supports HSTS (HTTP Strict Transport Security) and if I put only http:// in the callback url it does not the redirection to the https.
Thanks!
2 Likes
Stephan
May 10, 2019, 11:12am
2
There is a similar existing feature request you might want to contribute to:
Product name
NUKI Bridge
Summary
Enabling TLS encryption and POST requets for HTTP API for more network security.
Features
TLS encryption for transport (HTTPS)
POST requests for HTTP-API usage so commands could not be sniffed on the network (TCP/IP level) – obsolet if strict TLS v1.3 implementation is in place
Reason
Encryption of data transmission even in an local home network must the encryptet for security and trust. The Smart Lock is a security relevant device an therefore confidentialit…
burpy
May 10, 2019, 12:23pm
3
I already use the hash instead of the token, but I need the https:// only for the callback url. I don’t need it for the HTTP-API itself.
Any updates on this request?
would also need https callbacks … is there anything planned ?