I have a very simple driver that I am using to send email and text notifications via very simple Node/REST server running on a RPi.
Am interested in securing things a bit better now that HE is using HTTPS.
The first thing I want to do is make my calls using https. I assume (hope) this is fairly straightforward. Note: I can handle the Node end, not sure about the HE groovy side. Currently using a basic async post call..
The next thing maybe is some sort of token validation. Was thinking about having a simple token generated on the Node server side (via a command line utility on the terminal) that gets stored in a config file and the user simply enters it in the driver config settings in HE.
Is this an okay thing to do or should I consider something else like cert validation? I just want to dissuade casual hacking/hijacking of the Node server more than anything else..
Any thoughts would be appreciated..