I am developing a SmartApp for SmartThings and this app needs to send data to a REST server on Internet. For Security reasons my company want to restrict access to SmartThings Cloud Server for that REST server. I did some tests and found out that the Cloud is actually a group of US Amazon EC2 servers, but I don’t Know any information about wich IP’s they can have. I already contacted SmartThings by e-mail, but didn’t had any answer.
Can anyone help me with that?
[quote=“emival, post:1, topic:18819”]
Can anyone help me with that?
[/quote]My guess is they’d not want to give out those specifics for any number of reasons, including the fact that it would be subject to change at any time (esp if they are using EC2)
Why not implement oauth2 in your endpoint (or really any kind of authentication/shared secret/access token/insert standard security here) to validate requests.
2 Likes
Yep this. The amazon instances are going to be variable. You need to authenticate any connection to your web service with oAuth.
Amazon do publish their IP addresses. Again, they will change over time, so you will need some kind of mechanics that will dynamically update your whitelist IP addresses on your end.
http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html