Custom Server Endpoints
OpenKitchen is an open platform, and third parties can implement their own OpenKitchen server-side platform that can interface with CWMs and OKEs. Only ConnectWare2 implementations support redirecting server requests to custom endpoints. Please consult with Powerhouse Dynamics to determine which CWM implementations support custom endpoints and other usage restrictions.
Custom Endpoints may be configured on the CWM, causing OKC HTTPS communication to be redirected to servers other than the standard ones hosted by Powerhouse Dynamics. The servers providing the custom endpoints are not managed or supported by Powerhouse Dynamics; however, they must implement the OK protocol just as the Powerhouse Dynamics OKC servers do. The OKC protocol interface is documented in the OpenKitchen Message Specification and the OpenKitchen Provisioning Specification.
Custom Endpoint configuration includes:
DNS name of the provisioning server
DNS name of the push server
DNS name of the pull server
Root CA certificates for verifying the provisioning, push, and pull server certificates
Client provisioning certificate
Client provisioning certificate private key
Root CA certificates for verifying the client provisioning certificate
The CWM allows the DNS names of the three servers to be unique or identical to the others. The CWM will minimally support a DNS name with up to 64 characters. Certificates are in PEM-encoded X.509 format and must be less than 4096 bytes in length. Certificate bundles are not supported; each certificate is configured and managed separately.
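A pre-flight check for the limits stated above can catch an oversized certificate, a bundle, or an over-long server name before the configuration is loaded onto a CWM. The following is an added example, not code from Powerhouse Dynamics or the OpenKitchen specifications; the field names are hypothetical, the sample certificates are constructed filler rather than real X.509 data, and it assumes the 4096-byte limit applies to the PEM text.

```python
import base64
import re

MAX_DNS_NAME = 64      # page: a name of up to 64 characters is minimally supported
MAX_CERT_BYTES = 4096  # page: a certificate must be less than 4096 bytes
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)

def check_dns_name(name):
    """Return the problems found in one server DNS name."""
    if not name:
        return ["empty DNS name"]
    if len(name) > MAX_DNS_NAME:
        return [f"{len(name)} characters; only {MAX_DNS_NAME} are guaranteed"]
    return []

def check_certificate(pem_text):
    """Return the problems found in one PEM certificate slot."""
    problems = []
    blocks = PEM_CERT.findall(pem_text)
    if not blocks:
        problems.append("no PEM CERTIFICATE block found")
    elif len(blocks) > 1:
        problems.append(f"bundle of {len(blocks)} certificates; configure each separately")
    size = len(pem_text.encode())  # assumption: the limit applies to the PEM text
    if size >= MAX_CERT_BYTES:
        problems.append(f"{size} bytes; must be less than {MAX_CERT_BYTES}")
    for body in blocks:
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate body is not valid base64")
    return problems

def make_pem(n_bytes):
    """Constructed placeholder: PEM armor around filler bytes, not a real certificate."""
    b64 = base64.b64encode(b"\x30" * n_bytes).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])

def check_config(config):
    """Map each failing field to its problems (field names here are hypothetical)."""
    report = {}
    for field, value in config.items():
        check = check_dns_name if field.endswith("_server") else check_certificate
        if problems := check(value):
            report[field] = problems
    return report
```

An empty dictionary from `check_config` means every field is within the stated limits; the check does not validate the X.509 contents or the certificate chain.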
Security Considerations
It is recommended that Custom Endpoint implementors manage their own signing authority for client and server certificates. Since CWM implementations have limited Root CA certificate capacity, it can be problematic to rely on external signers: their Root CA chains can vary over time (requiring the configuration of many Root CAs) and can have inconvenient expiration dates for a product deployment (imposing an ongoing certificate update and management burden). These issues can be mitigated when the signing is managed internally, since the Root CA chain can be consistent over time and the expiration dates aligned with the product deployment timeframe.
Basic Custom Endpoint Operation
Once configured with a Custom Endpoint, the CWM will contact the provisioning server using the client provisioning certificate. The provisioning server will return an authentication token for the CWM. Once the authentication token is known, the CWM will begin sending OKE and CWM telemetry to the push server. When a message must be sent to the CWM or the OKE, the push server sets a flag indicating that there is a pending pull request. The CWM will make a request to the pull server to fetch the message.
CWM Implementations
Different versions of CWM hardware and firmware will support different mechanisms and have different limitations for configuring Custom Endpoints. Typical configuration mechanisms include custom firmware images, configuration via an embedded HTTP server API with a mobile app, and configuration via the OKE user interface. Please contact a Powerhouse Dynamics representative to receive up-to-date information pertaining to which CWM hardware and firmware versions support which configuration mechanisms and which limitations may be in effect.