• Replies 2 replies
  • Subscribers 16 subscribers
  • Views 75 views
  • Users 0 members are here
Options
Related

Guidance on Connect IQ networking (HTTP vs HTTPS and certificate handling)

4780266
6 days ago

Hello,

I’ve searched through related topics in this forum, but I’d still like to have firm confirmation/answers from some of the senior developers here or from Garmin staff if possible.

I have several questions about Connect IQ app networking behavior and limitations:

  1. HTTP support

    • Does Communications.makeWebRequest() only support https:// and reject http:// (including local/RFC1918 addresses)?

    • Is there a way to enable plain HTTP access bypassing the HTTPS requirement?

  2. Direct connectivity path (watch Wi-Fi vs. phone proxy)

    • Can a Connect IQ app open connections directly over the watch’s Wi-Fi to a server on the same subnet (e.g., 10.x.x.x), or must all traffic proxy via Garmin Connect Mobile?

    • If direct Wi-Fi is supported, are there conditions where transport silently falls back to the phone path?

  3. Certificate acceptance for HTTPS

    • Does makeWebRequest() require a chain to a publicly trusted CA stored on the device?

    • Are self-signed certificates unsupported?

    • Is there a way to configure makeWebRequest() to accept a locally generated certificate with a long expiration date?

    • Are SSL certificates from Let’s Encrypt currently trusted in Connect IQ apps?

  4. Hostname/IP considerations

    • If HTTPS is required, can validation succeed when addressed by IP (with the IP in the certificate SAN), or is a DNS hostname required?

    • Is split-horizon DNS supported (public hostname resolving to a local LAN address while offline), and are there caveats?

  5. Alternatives to HTTP(S)

    • Beyond makeWebRequest(), are there non-HTTP transports (e.g., TCP/UDP sockets, mDNS service discovery, BLE/GATT to a local gateway) available to Connect IQ apps for local-only communication?

  6. Potential accommodations

    • Would it ever be feasible to:

      • Allow HTTP requests to RFC1918/link-local destinations only?

      • Support certificate/public-key pinning per hostname within CIQ?

      • Allow an app-scoped custom trust anchor for a specific hostname (so global trust remains unchanged)?

Development Environment (for reference):

  • Connect IQ SDK/API: 8.2.3

  • Device: vívoactive 5

  • Network path: watch Wi-Fi and/or via Garmin Connect Mobile

Thanks in advance for any guidance on these points!