Application Server authentication
The connection between the KPN Network Server and the customer Application Server uses two separate authentications (one for the Application Server and one for the Network Server), which together lead to mutual authentication:
- The customer Application Server needs to have a valid SSL certificate.
- Within the application data stream an authentication token is used to validate authenticity of the data.
These two levels of security are used both in uplink and downlink messaging. Uplink messages are forwarded by the KPN LoRa server to the customer Application Server by using an HTTPS POST request. Within the connection setup the identity of the customer Application Server is validated by checking the SSL certificate.
Sending downlink messages
There is a possibility to send downlink messages from an Application Server to an End-Device. The topic on reference code provides information on the programming of this feature.
Receiving and decoding messages on the Application Server
After decryption of the payload of a message (using the AppSKey, see the reference code for example code), the payload still needs to be decoded. All payloads are hexadecimal, meaning they have to be interpreted (decoded) in some way to be used in an application. The decoding scheme depends solely on what the device manufacturer programmed in your device.
For instance, some devices use a simple hex-to-string function where each byte can be translated to a readable character.
Other devices identify a subset in your payload (for instance the first 4 bytes) and translate that from hexadecimal to decimal to get a sensor value. Please refer to (a manual from) your manufacturer to get the correct decoding scheme,