Enabling TLS encryption and POST requets for HTTP API for more network security.
- TLS encryption for transport (HTTPS)
- POST requests for HTTP-API usage so commands could not be sniffed on the network (TCP/IP level) – obsolet if strict TLS v1.3 implementation is in place
Encryption of data transmission even in an local home network must the encryptet for security and trust. The Smart Lock is a security relevant device an therefore confidentiality and integrity of the communication must be default. The Bridge has 230V power supply and therefore power consumption is not a limitation not to use TLS and other security lilke authentication and/or autorization.
POST requests ensures that the API payload could not be sniffed like using GET requests, where the payloud is the URI parameter.
HTTPS Usage of all API URIs