[Jean-Marc]

Hi,
As the Felgo OneSignal plugin is intended to tag users to receive notifications, what is the method to send notifications from within the application ?
Actually I’m using HttpRequest and OneSignal REST API to send notifications from users to users with the app, and it works pretty well… but I was wondering about the security about the REST API key, because OneSignal tells to not use this key in the app !
Is there another way to do that ? Maybe I’m wrong and I ignore some more secure methods to do that…
I was thinking about storing the REST API key in our database server and load it at the app launch to avoid setting it in the code of the app, but finally it would be the same because we’re using a REST API as well to access our database… ^^
I have the feeling that I’m not doing it the right way, so if someone can enlight me about that, it would be nice 🙂

Best,
Jean-Marc

[AlexFelgo Team]

Hi,

The plugin exposes the OneSignal SDK to QML, for registering the device to the OneSignal service in order to receive notifications. It also supports sending tags with the OneSignal SDK, e.g. using https://felgo.com/doc/vplayplugins-onesignal/#sendTag-method.

To avoid triggering the notifications from the app, you can also use your backend server. For example with php, using curl: https://felgo.com/doc/plugin-onesignal/#sending-push-notifications. This way you can actually tie notifications to a certain business use-case, which e.g. also includes database modifications. Also, you can limit the publicly available interface only chosen features and have full control (and responsibility) over security.

Regardless, the app will use http requests for server communication in the end. If the REST key in the QML code is compiled with RESOURCES and sent https encrypted it is not easily decodable and you should be safe.

Cheers,
Alex