GCM push sender / server limit of 100 - google-cloud-messaging

I have my push notifications working fine for my mobile Android app
through GCM, but have a specific question about my environment. My
app would like to be able to receive pushes potentially from more than 100
senders (servers) and the comments (see below) in the documentation confuse me.
Basically consider this situation...
I registered my project on the Google Dev Console and obtained my
project number (aka - sender ID) and my server key. For the latter
I did NOT specify specific IP addrs.. just left the field blank.
My app boots and does a "register" with this one single sender ID
and receives the registration key.
I send this registration key to my 500 "source" servers, and these servers also
have the SAME server key.
So again to summarize... my 500 servers that want to send pushes to the phone would
ALL be using the SAME server key and the SAME registration ID.
Simple question.. is this allowed? If so, what do all the restriction warnings mean
(below) from the GCM docs.... and if not allowed, I want to understand technically
why this is not allowed.. for example, does the GCM server monitor and keep
track of server keys and the source IP they are from?
Thanks so much - been searching for days and cannot get a real hard answer
I feel I can trust. My whole development project design hinges on the truth in
this matter - ha ha !
Receiving Messages from Multiple Senders
"GCM allows multiple parties to send messages to the same application. For example,
suppose your application is an articles aggregator with multiple contributors, and
you want each of them to be able to send a message when they publish a new article.
This message might contain a URL so that the application can download the article.
Instead of having to centralize all sending activity in one location, GCM gives you
the ability to let each of these contributors send its own messages.
To make this possible, all you need to do is have each sender generate its own project
number. Then include those IDs in the sender field, separated by commas, when requesting
a registration. Finally, share the registration token with your partners, and they'll
be able to send messages to your application using their own authentication keys.
Note that there is limit of 100 multiple senders."
or worded another way in some other doc ....
Receiving Messages from Multi-senders
"GCM allows multiple parties to send messages to the same client app. For example,
suppose the client app is an articles aggregator with multiple contributors, and
each of them should be able to send a message when they publish a new article. This
message might contain a URL so that the client app can download the article. Instead
of having to centralize all sending activity in one location, GCM gives you the ability
to let each of these contributors send its own messages.
To make this possible, make sure each sender generates its own sender ID. See the
client documentation for your platform for information on on how to obtain the GCM
sender ID. When requesting registration, the client app fetches the token multiple
times, each time with a different sender ID in audience field.
Finally, share the registration token with the corresponding app servers (to
complete the GCM registration client/server handshake), and they'll be able to
send messages to the client app using their own authentication keys.
Note that there is limit of 100 multiple senders."
and even in some register code I saw.....
chrome.runtime.onStartup.addListener(function() {
chrome.storage.local.get("registered", function(result) {
// If already registered, bail out.
if (result["registered"])
return;
// Up to 100 senders are allowed.
var senderIds = ["Your-Sender-ID"];
chrome.gcm.register(senderIds, registerCallback);
});
});

Related

Twiio resend SMS (within short intervals) - What is the expected behaviour

I am using an Identity and Access Management(IAM) vendor who provide a Multi-Factor Authentication (MFA) Service (using SMS and other channels). They use Twilio as their SMS service provider and what I see currently is a behaviour (described in the scenario below) from my IAM provider which is strange and wondering what the underlying Twilio API's behavior is.
I am unable to see this info from the Twilio API docs hence seeking assistance.
Scenario:
Customer uses IAM to login and my IAM provider using Twilio sends a OTP
The OTP comes through but in my test case, I trigger the resend OTP process
In both the steps, I get the right message (the template and senderID that we have configured in the IAM tool)
If I now trigger the OTP resend process a second time (3rd OTP in total for the same number), we receive a message which has AUTHMSG as the senderid and uses a default template message (which is different from what we have configured).
I am working with my IAM vendor to understand what is happening here and I am trying to see if Twilio is playing a part in this (trying to do some smarts as they think that there is some SMS delivery issue - which is the message I am in a way communicating by hitting the resend OTP multiple times)
Is AUTHMSG a senderID that is owned by Twilio? I don't believe so but I am trying to better understand this space.
SenderID is a construct that varies from country to country. Some Contries mandate that users register it with the local regulators while in other countries there is no explicit registration process.
I am worried that if my customers receive this message, they are going to be confused and suspect a Spam/Phishing kind of an activity.
I attempted a similar exercise with PayPal and they were consistent in their SMS OTP Resend. The message was always the same. Unlike my IAM provider, PayPal sends OTP from multiple mobile numbers. In my tests I observed them sending OTPs from two distinct mobile numbers.
Would be glad if someone could assist and provide info in this space.
I will continue to work with my IAM provider and their support channel to see what is happening here.
When using Twilio Verify in a country that supports alphanumeric sender IDs, Twilio uses the AUTHMSG sender ID and registers it with countries around the world that require this, to ensure the best deliverability of OTP messages.
I think you will need to work with your IAM provider, and work out how they have implemented sending OTP messages to see what is going on here. If it is unclear, then you or the IAM provider may also have to contact Twilio support.

Two registration IDs active on one device

I have my app running on a Nexus 5 (Marshmallow) which has 2 active registration ids. Just want to know if that is normal by GCM behavior?
Here's how it's causing me trouble:
Android M has come up with Group permissions - which means the user chooses whether or not he wants the app to have access to his device identifiers (Android ID). Let's assume he denies it and I can't identify the device. The way my app functions is that a user can log in from multiple devices, all of which remain in sync. Because a user can be on mulitple devices, I must handle multiple registration IDs to send push messages (and I cant be sure of the number of devices the user is on, as they can deny providing the device identifiers). This means that I cant delete/update any registration ids on the server side, but only send every push message to all recorded IDs against a user, in the hope that all the devices on which that particular user is signed in will receive the messages.
Because I have a device which has two active registration IDs, I am getting 2 notifications for everything.
On the client end, we were noticing frequent changes in the Registration IDs, we have a class that keeps generating registration ids and updating the server.
Having multiple registration Ids can be a bug in the client app (which you have to deal with).
And the only way to ensure that there will only be one notification being sent per device is to implement canonical IDs on the server side. It is included in the webservice response as "canonical_ids".
Canonical IDs
If a bug in the client app triggers multiple registrations for the same device, it can be hard to reconcile state and the client app might end up with duplicate messages.
Implementing canonical IDs can help you more easily recover from these situations. A canonical registration ID is the registration token of the last registration requested by the client app . This is the ID that the server should use when sending messages to the device.
If you try to send a message using an old registration token, GCM will process the request as usual, but it will include the canonical ID in the registration_id field of the response. Make sure to replace the registration token stored in your server with this canonical ID, as eventually the old registration token will stop working.
Here is a related issue
android GCM get original id of canonical id which tackles how canonical ids work in the actual code

Login and Verify with only phone number using Nexmo or Twilio

This is an authentication flow, which logs in the user with only the phone number provided (Whatsapp style). The Steps are:
User enters phone number and sent to server.
Server generated 4 digit random key, and save the pair (phone,key) in DB.
Server asks 3rd party SMS service to send key to phone.
SMS service sends message.
User enters the key from sms, and together with phone, sent to server.
Server checks the pair against the DB.
If pair exists, server sends back a token for further calls.
What I am trying to understand is where services like Twilio and Nexmo fit in (or replace parts of the flow).
From what I understand, looking at Nexmo for example,
I can replace steps 2 and 3 with an API call to:
https://api.nexmo.com/verify/
and save the request_id from the response in the DB as pair (phone,request_id).
And now, when the user enters a 4 digit code and sends it back,
I need to call:
https://api.nexmo.com/verify/check/json
providing it with request_id and code.
But where do I get the request_id?
Do the server needs to send it back to the client, the moment it gets it from Nexmo?
I can't see the benefits of using Nexmo here, what will it save me?
Answer to your first question: the request_id is part of the response to the first verify API call. See: https://docs.nexmo.com/index.php/verify/verify
As to what are the benefits of Nexmo here, I believe you have two options:
Generate your own code, use Nexmo to text it to your user, have the user submit the code back to your application, verify code against your own database.
Use Nexmo verify service to generate and send the code to the user, store the returned request_id in your db, have user submit code to your application, call Nexmo verify API to validate code.
In some ways the first option is easier as it is less API calls. However the benefit of the second option, using Nexmo Verify, is that they provide a whole lot more capabilities into the service to fall back to a voice call if SMS isn't working, filter out virtual phone numbers to prevent spam, you don't have to pay for failed SMS attempts, reporting/analytics, etc. etc.
Hopefully that helps a little.

Building a GPS Tracking Web System

I'd like to develop a tracking system using an API of course (like the famous Orange API).
the idea is simple:
I send a SMS (from my Web interface) to the person i want to track
The person's mobile terminal (GPS like this) send me back automatically
the coordinates by SMS.
The sent information are displayed on the user's web interface.
The questions are simple:
How the terminal can send automatically the response?
How to indicate in the message that the information is for "user4655"?
How to make connection between the information and the database?
Thanks,
Regards.
* How the terminal can send automatically the response?
Ans: You set the gateway and the time intervals you want the device to send the sms to on the device itself.
* How to indicate in the message that the information is for "user4655"?
Ans: The gateway you use will have the API to determine that the number it is sent from. The device will use a registered phone number from either a sim or enabled by one of those cell providers.
* How to make connection between the information and the database?
Ans: I dont understand this. But I'm guessing you will have a database to keep track of the user data. You'll just probably need another table that is a child of the user, which has a list of the data and the time they came in.

how to handle multiple devices when using Push Notification?

I am developing an application in which I want to use push notification service. I have a server, now I want to know that
How do I handle multiple devices?
Is there a unique device id/name for every iphone?
Suppose I want to delete request for a specific device token, so how do I handle multiple users?
Is there a way I can generate unique name for every device through application?
You should really read the APNS documentation, this is all explained in depth there.
The short answer is that when you launch an app on the phone it requests a push notification key from the OS. You then take that key and send it back to your server. Your server uses that key when it sends a push via Apple's servers to indicate the devices to send the push out to.
The service just gives you a token. If you want accounts or device names you need to come up with them and store them with the credentials on your server.
You handle multiple users by same way you handle single users, you send message with the appropriate key to the service.
As for deleting a request, you can't. It is like a text message, there may be some latency before hits the device, but the moment you commit the push it could be delivered instantly.