When integrating Pusher with apps for iOS and Android, a common question is how to manage the Pusher app keys and secrets required to connect the mobile app to Pusher.
As the keys can require changing at times, we recommend that you implement a process to manage this change.
This can become necessary, for example, when a key has become compromised.
Keeping a separate credential set for each application ensures that if a key becomes compromised, only that key needs to be changed and other applications will not be impacted.
In the Dashboard for your app you can create additional app credential sets as required.
There are generally two approaches to solving this, each with their own advantages and disadvantages.
Key Included in the App
The most straightforward way of supplying the mobile app with the required key is to include it in the app's code or package.
This requires no further involvement or maintenance unless the key needs to be changed.
If this does happen, a new release of the app through Google Play or the App Store is necessary that includes the updated key.
Key drawbacks of this approach are:
* The turnaround time for publishing a new version can be quite long.
* Not all users will install the update quickly.
* For a period, multiple credentials need to be maintained so that all app versions continue to function.
* If a key is actively being abused, it will be impossible to counteract this without shutting down your app entirely.
This method is good for apps where the keys are changed infrequently, as it requires no additional overhead once the app is published unless a key needs changing.
In that event, create a new credential pair for your corresponding Pusher app in the Dashboard and include it in the next version of your mobile app.
Do not delete the old pair as this would cause existing installations of your app to fail.
Pusher is unable to restore credentials that have been deleted.
After the new version has been rolled out through Google Play or the App Store, you will need to wait until most users have installed the update before finally deleting the old credentials on the Dashboard.
Keys Supplied from Server
To ensure you can change keys quickly without impairing the functionality of your mobile apps, you can store your keys securely on a server you control and provide them in an encrypted form to the apps on request - instead of including the keys in each app itself.
In this scenario, your mobile app will make a request to your server each time it starts (or immediately before connecting to Pusher) to retrieve the current credentials.
The app will need a way to authenticate and decrypt the response which cannot easily be replicated outside of your app (e.g. by using a shared secret or certificate-based authentication).
This approach allows you to change app keys within minutes and with minimal disruption to your app, but has the drawback of requiring a highly available application server, without which your app will not function.
When using this technique, you can change keys by creating a new pair, updating your server with it and removing the old one once most apps have picked up the change.
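To make the server-supplied flow concrete, here is an added example (not Pusher's code) of the endpoint logic that hands the current app key to an authenticated app, together with the rotate and retire steps described above. It authenticates the request and the response with an HMAC over a shared secret built into the app, and assumes TLS provides confidentiality instead of application-level encryption; the credential values, the shared secret, the request line and the KeyDistributor/client_* names are all constructed for this example, and the caller supplies the current time.

```python
import hashlib
import hmac
import json

# Constructed placeholder pairs (real ones come from the Pusher Dashboard); only app_key ever leaves the server.
CREDENTIAL_SETS = {
    "pair-1": {"app_key": "PLACEHOLDER_APP_KEY_1", "secret": "PLACEHOLDER_SECRET_1"},
    "pair-2": {"app_key": "PLACEHOLDER_APP_KEY_2", "secret": "PLACEHOLDER_SECRET_2"},
}
SHARED_SECRET = b"constructed-shared-secret-built-into-the-app"  # hypothetical app/server secret
REQUEST_LINE = "GET /pusher-key"

def _mac(secret, *parts):  # HMAC-SHA256 over the newline-joined parts, hex encoded
    return hmac.new(secret, "\n".join(parts).encode(), hashlib.sha256).hexdigest()

class KeyDistributor:
    def __init__(self, credential_sets, current_id, shared_secret=SHARED_SECRET):
        self.sets, self.current_id, self.shared_secret = dict(credential_sets), current_id, shared_secret

    def handle_request(self, timestamp, signature, now, max_skew=300):
        """Server side: return (status, body, body_signature); stale or forged requests get 401."""
        if not timestamp.isdigit() or abs(now - int(timestamp)) > max_skew:
            return 401, b"", ""
        if not hmac.compare_digest(_mac(self.shared_secret, REQUEST_LINE, timestamp), signature):
            return 401, b"", ""  # constant-time comparison
        body = json.dumps({"credential_id": self.current_id,
                           "app_key": self.sets[self.current_id]["app_key"]}).encode()
        # Binding the response MAC to the request timestamp stops replay of an older response.
        return 200, body, _mac(self.shared_secret, timestamp, body.decode())

    def rotate(self, new_id):
        """Serve a new pair from now on; the old pair stays valid so running installs keep working."""
        self.current_id = self.sets[new_id] and new_id  # KeyError for an unknown pair

    def retire(self, old_id):
        """Delete a superseded pair once most apps have the new one; refuse for the current pair."""
        if old_id == self.current_id or old_id not in self.sets:
            return False
        return self.sets.pop(old_id) is not None

def client_request(now, shared_secret=SHARED_SECRET):
    """App side: timestamp plus HMAC over the request line, sent as request headers."""
    ts = str(int(now))
    return ts, _mac(shared_secret, REQUEST_LINE, ts)

def client_verify(timestamp, body, body_signature, shared_secret=SHARED_SECRET):
    """App side: accept the key only if the response MAC matches; otherwise None."""
    if not hmac.compare_digest(_mac(shared_secret, timestamp, body.decode()), body_signature):
        return None
    return json.loads(body)
```

In production the shared secret should be stored using the platform keystore rather than as a plain string, and the server should log rejected requests so that abuse of a leaked secret is visible.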