Can any Secure Connection Required exceptions be carved out?

The Philips Hue API unfortunately doesn't support HTTPS. The connection is a local 10.X.X.X address, so it's non-routable, meaning I can't put a Let's Encrypt HTTPS proxy in front of it as a workaround.

My question: is there any possibility of a workaround for IoT hubs that use plain HTTP over 10-dot addresses? It seems like this could be a pretty big segment that's now rendered unusable (?)
  • Technically you could put an external proxy in front of it, but to do that you'd have to expose the HTTP port of your Hue hub (via the public IP address of the router and DMZ or port forwarding) so that the proxy could forward requests to it. I don't think that would be a good idea, but it seems that it would work.

    You could also use a LAN-side web server with properly configured SSL to forward requests, but this is way more overhead than any normal user would be willing to do to get it to work.

    Personally, I think the proper solution is to get access to the remote API service provided by the folks at Philips (see here). I have no idea if you'd be able to get access or not, but it seems that they're at least entertaining the idea of letting developers access it.

    I will bring this up with the team, but I have doubts that it is something we'd do given that most everything is moving toward HTTPS.
  • You might also be able to get away with using the mobile SDK to write a partner app that handles these requests for the watch. I believe you would have to change the ATS iOS settings for your specific app to allow for these requests, but it should be doable. Whether it gets approved by the App Store is another question. Would be a bit easier on Android.