[konschubert]

> Why do you proxy eveything through your api backend Because it makes development and maintenance soo much easier, faster and reliable. I don't have to debug stuff that breaks on somebody's embedded esp32. If something breaks, it's in the backend and I see it in Sentry.

> Can the device not check the url directly

Yes, it could (with some modifications). But then you need to transmit and store the URL on the device, which requires establishing a bluetooth connection to change it. I am considering to offer this as an option to give myself and other peace of mind.

> Do you respect etags and other caching headers like if-modified-since

Not yet, but I could implement this very quickly if you send me an email and tell me you need this. :) (This is a great example how proxying things though the backend makes development easier: If I wasn't proxying, this change would require a firmware update.)

[pitched]

Instead of having your backend download and retransmit the file, you could return a redirect to it instead? Plus maybe lower the poll rate from a few times per minute to once an hour or so to avoid the need for caching to save battery.

[konschubert]

I could do a redirect (it would require a small firmware update)

But that would still expose your authentication credentials to the backend, so a malicious backend could MITM you.

Reducing the polling is definitely an option, I want to make that configurable very soon.

Btw, the cached data in the backend is encrypted with a token that is only transmitted from the device to the backend during the API request of the device. It's not end-to-end, but it's a step.