[phanimahesh]

Why do you proxy eveything through your api backend? Can the device not check the url directly? Also, does the checking result in full image download always or do you respect etags and other caching headers like if-modified-since?

[konschubert]

> Why do you proxy eveything through your api backend Because it makes development and maintenance soo much easier, faster and reliable. I don't have to debug stuff that breaks on somebody's embedded esp32. If something breaks, it's in the backend and I see it in Sentry.

> Can the device not check the url directly

Yes, it could (with some modifications). But then you need to transmit and store the URL on the device, which requires establishing a bluetooth connection to change it. I am considering to offer this as an option to give myself and other peace of mind.

> Do you respect etags and other caching headers like if-modified-since

Not yet, but I could implement this very quickly if you send me an email and tell me you need this. :) (This is a great example how proxying things though the backend makes development easier: If I wasn't proxying, this change would require a firmware update.)

[pitched]

Instead of having your backend download and retransmit the file, you could return a redirect to it instead? Plus maybe lower the poll rate from a few times per minute to once an hour or so to avoid the need for caching to save battery.

[konschubert]

I could do a redirect (it would require a small firmware update)

But that would still expose your authentication credentials to the backend, so a malicious backend could MITM you.

Reducing the polling is definitely an option, I want to make that configurable very soon.

Btw, the cached data in the backend is encrypted with a token that is only transmitted from the device to the backend during the API request of the device. It's not end-to-end, but it's a step.