Endpoint registration is the process of initial communication setup that ensures that the endpoint is registered within the Kaa server along with the corresponding security credentials and the endpoint profile. It is not until the endpoint registers on the server that the Kaa framework services become available to the client application. During the process of registration, the Kaa endpoint communicates with one or multiple Bootstrap servers to resolve the actual list of Operations server(s), and with an Operations server to submit the endpoint data and complete the registration.
The Endpoint SDK generates a security key pair during the initial client boot-up. By default, Kaa uses the RSA algorithm with a 2048-bit key. The key pair is used to ensure the endpoint authenticity and message integrity in different transport implementations. The public key is transferred to the Operations server during the registration in order to identify and verify endpoint requests.
Initially, the Kaa Endpoint SDK does not include any information about Operations servers for security and load-balancing reasons. Instead, during the SDK generation, the Control server embeds a list of available Bootstrap servers into the SDK (using a properties file for the Java implementation, a header file for C++, etc.). The endpoint selects a random Bootstrap server from the list and sends a Resolve request to the selected Bootstrap server. The Resolve request contains the application token that can be used by the Bootstrap server in some load-balancing strategies. The Resolve response contains a prioritized list of Operations server connectivity details and is signed with the Bootstrap server's private key. The endpoint verifies the signature of the response by using the Bootstrap public key available from the build-time parameters and retains the received information.
The endpoint selects the first entry with the highest priority from the Operations server list and uses it for the registration request. If there are multiple Operations servers with top priority, the endpoint uses a random one for load-balancing purposes.
A profile registration request contains the following information:
- Application token
- Endpoint public key
- Endpoint profile body
- Schemas version information (versions of the profile, configuration, notification, event class families and other schemas).
The Operations server stores the endpoint profile and schemas version information for processing future requests. Kaa uses the SHA-1 hash of the endpoint public key as the endpoint identifier across the system.
With a successful registration, the Operations server responds with a message that contains the current application state information.
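The endpoint-side checks described above (verifying the signed Resolve response, choosing among top-priority Operations servers, deriving the endpoint identifier), shown as an added Java 17+ example that is not Kaa SDK code. The class and method names, the `SHA256withRSA` scheme, the larger-number-means-higher-priority ordering and hashing the key's X.509 encoding are assumptions; the keys and the response body are constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
// Added illustration, not Kaa SDK code. All class, record and method names are hypothetical.
public class RegistrationSketch {
    record OpsServer(String host, int priority) {}

    // Accept the Resolve response only if it verifies against the Bootstrap public key
    // embedded in the SDK. "SHA256withRSA" is an assumption; the page names no scheme.
    static boolean verifyResolve(byte[] body, byte[] sig, PublicKey key) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(body);
        return v.verify(sig);
    }

    // Random choice among the servers sharing the top priority.
    // Assumption: a larger number means a higher priority.
    static OpsServer pick(List<OpsServer> servers, Random rnd) {
        int top = servers.stream().mapToInt(OpsServer::priority).max().orElseThrow();
        List<OpsServer> best = servers.stream().filter(s -> s.priority() == top).toList();
        return best.get(rnd.nextInt(best.size()));
    }

    // Endpoint identifier: SHA-1 over the endpoint public key.
    // Assumption: the hashed bytes are the X.509 encoding returned by getEncoded().
    static String endpointId(PublicKey endpointKey) throws NoSuchAlgorithmException {
        byte[] h = MessageDigest.getInstance("SHA-1").digest(endpointKey.getEncoded());
        return HexFormat.of().formatHex(h);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);                       // default key size stated on the page
        KeyPair bootstrap = gen.generateKeyPair();  // constructed stand-in for the Bootstrap server key
        KeyPair endpoint = gen.generateKeyPair();   // endpoint key pair, generated at first boot
        byte[] body = "ops-a:10,ops-b:10,ops-c:5".getBytes(StandardCharsets.UTF_8); // constructed
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(bootstrap.getPrivate());
        s.update(body);
        byte[] sig = s.sign();
        System.out.println("genuine response verifies:  " + verifyResolve(body, sig, bootstrap.getPublic()));
        body[0] ^= 1; // a single flipped bit must invalidate the signature
        System.out.println("tampered response verifies: " + verifyResolve(body, sig, bootstrap.getPublic()));
        List<OpsServer> list = List.of(new OpsServer("ops-a", 10), new OpsServer("ops-b", 10), new OpsServer("ops-c", 5));
        System.out.println("selected: " + pick(list, new SecureRandom()).host());
        System.out.println("endpoint id: " + endpointId(endpoint.getPublic()));
    }
}
```

A client that skips `verifyResolve` or continues after it returns `false` would accept an Operations server list from anyone able to answer in place of the Bootstrap server, so the check has to gate every later step.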