Forums

OverviewFelgo 2 Support (Qt 5) › Is this secure to send OneSignal notifications from app with REST API ?

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #20533

    Jean-Marc

    Hi,
    As the Felgo OneSignal plugin is intended to tag users to receive notifications, what is the method to send notifications from within the application ?
    Actually I’m using HttpRequest and OneSignal REST API to send notifications from users to users with the app, and it works pretty well… but I was wondering about the security about the REST API key, because OneSignal tells to not use this key in the app !
    Is there another way to do that ? Maybe I’m wrong and I ignore some more secure methods to do that…
    I was thinking about storing the REST API key in our database server and load it at the app launch to avoid setting it in the code of the app, but finally it would be the same because we’re using a REST API as well to access our database… ^^
    I have the feeling that I’m not doing it the right way, so if someone can enlight me about that, it would be nice đŸ™‚

    Best,
    Jean-Marc

    #20581

    Alex
    Felgo Team

    Hi,

    The plugin exposes the OneSignal SDK to QML, for registering the device to the OneSignal service in order to receive notifications. It also supports sending tags with the OneSignal SDK, e.g. using https://felgo.com/doc/vplayplugins-onesignal/#sendTag-method.

    To avoid triggering the notifications from the app, you can also use your backend server. For example with php, using curl: https://felgo.com/doc/plugin-onesignal/#sending-push-notifications. This way you can actually tie notifications to a certain business use-case, which e.g. also includes database modifications. Also, you can limit the publicly available interface only chosen features and have full control (and responsibility) over security.

    Regardless, the app will use http requests for server communication in the end. If the REST key in the QML code is compiled with RESOURCES and sent https encrypted it is not easily decodable and you should be safe.

    Cheers,
    Alex

Viewing 2 posts - 1 through 2 (of 2 total)

RSS feed for this thread

You must be logged in to reply to this topic.

Voted #1 for:

  • Easiest to learn
  • Most time saving
  • Best support

Develop Cross-Platform Apps and Games 50% Faster!

  • Voted the best supported, most time-saving and easiest to learn cross-platform development tool
  • Based on the Qt framework, with native performance and appearance on all platforms including iOS and Android
  • Offers a variety of plugins to monetize, analyze and engage users
FREE!
create apps
create games
cross platform
native performance
3rd party services
game network
multiplayer
level editor
easiest to learn
biggest time saving
best support