< Back to blog
PUBLISH DATE:
UPD:
Volodiya AndrischakVolodya AndrushchakFull-Stack Software Developer

IoT and Node.JS: How to Catch the Opportunity?

Why and how to use Node.js for the server-side of your IoT device?

IoT and Node.JS
Thank you to Oleg Romanyuk for coauthoring this article.

Understand the business opportunity

In 2019, the market revenue of IoT reached $ 212 billion. There are about 26.66 billion connected IoT devices worldwide, and this number is to reach 75.44 billion by 2025. The UN estimates that, in February 2020, the world population is 7.7 billion people. A simple math operation tells us that an average person owns from 3 to 4 IoT devices. Do you have one? Maybe a smartwatch? A smart TV? Or a smart car?

Moving further, the population is expected to reach 8.1 billion people in 2025. The same math calculation shows us that, in 2025, an average person will have from 9 to 10 smart devices in their possession. Do you see where I am leading you to? Do you want to join this prosperous market niche and make your IoT device to be one of these 9 to 10?

Statistics retrieved from Statista and the United Nations.
Statistics retrieved from Statista and the United Nations.

Choose the right framework

The client-side of an IoT device is represented by the hardware itself. It is programmed with C, C++, or Lua – low-level and difficult programming languages. Yet, there is not much you can do about it because of hardware limitations. Along with high performance, the users of IoT devices prioritize low cost and energy-efficiency. Thus, at least for now, you should keep working with low-level languages.

In turn, the server side of IoT applications offers you more freedom of choice. Here, you are not limited by the hardware, so you can choose any coding language and framework you prefer. And we believe that the right one is Node.js. Here is why.

Node.js is fast and performant

First of all, any IoT device is constantly working with dynamically changing data. It means that you need a framework, which would handle real-time applications and heavy data flows. Node.js is built on Google’s V8 JS engine, which is highly effective and perfectly scalable. Thanks to this feature, Node.js is the number one framework to be used with real-time apps and platforms. Constantly changing data is not a challenge for it either.

Node.js is easy to integrate with IoT protocols

IoT applications actively use a publish-subscribe-based messaging protocol MQTT. In turn, for transportation and encapsulation, this protocol uses WebSockets. Both MQTT and WebSockets are well-supported and easily integrated with Node.js.

Node.js modules facilitate IoT development

Node.js is augmented with npm – Node Package Manager, which features a lot of useful IoT modules. There are about 80 packages for Intel IoT Edison, Arduino, or Rasberry Pi. Also, it features over 30 packages for different sensors, beacons, and other tools. This is why Internet of Things IoT development is simpler and faster with Node.js IoT modules.

Node.js is resource-efficient and scalable

In general, developers prefer working with Node.js because it does not require a lot of resources. The CPU and RAM are not overloaded. Also, Node.js is perfectly scalable, which is absolutely necessary for most modern companies. 

Do you want to learn more about the advantages of Node.js development both in IoT and in general?

Read my recent story titled  “What Are the Advantages of Node.JS?”. It is a concise but informative piece of reading, and I promise you will enjoy it.


Beware of the challenges

Entering the IoT niche is a path to success. No wonder that there are a lot of challenges and traps awaiting on your way – success is never easy to achieve. And the first and foremost challenge you should be aware of is security.

Security is one of the top problems in IoT sphere, and one of the first pitfalls you will stumble upon. So what should you do and how?

Secure authentication

Let’s start with authentication. There are a lot of tools for authentication in Node.js: tokens, jwt, auth0, and so on. Each has its advantages and disadvantages. Yet, you should look at them from the perspective of IoT.

On the one hand, tokens are effective but not 100 percent safe. They are a cool way for authentication as they let you identify a specific user and decide whether to grant or to deny them access. A token can be encrypted with any algorithm. However, the hardware (scanners, sensors, hubs, or other IoT things) should store this token or login/password data in firmware. Respectively, attackers can steal the token if they have physical access to the hardware. The same story goes for jwt or auth0. 

On the other hand, we can use any tools for authentication on the server side. You can easily integrate any authentication tool on the Node.js platform. There are a lot of npm (Node Package Manager) packages which allow you to do it manually: auth0, passport, jwt. There are also packages for integration with cloud IoT services: @azure-iot/authentication, aws-iot-device-sdk etc.

Secure HTTP requests

Next, be careful with http requests from your IoT devices. You should check if you get a request from a proper IoT device. Firstly, you should implement HTTPS with your IoT devices. Hardware is not a browser and you should implement HTTPS manually on it. For the server-side, you can either do it manually or use hosting with HTTPS configuration and certificates. In Node.js, it is quite easy to implement:

const express = require('express');
const https = require('https');
const http = require('http');
const fs = require('fs');
const options = {
  key: fs.readFileSync('path/to/your/key.pem'),
  cert: fs.readFileSync(path/to/your/certificate.cert')
};
const app = express();
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);

HTTPS uses SSL or TLS protocols for data encryption. However, to be sure that you have got a request from the necessary server or client, use additional data encryption. For example, this is how you can use signature:

const fetch = require('node-fetch');
const verifier = crypto.createVerify('RSA-SHA1')
const SIGNATURE_FORMAT = 'base64';
//check if it trusted url for your certificate
const trustedUrl = ‘https://trustedUrl/const isTrustedUrl = trustedUrl.match(url);
If (isTrustedUrl) {
verifier.update(req.body, 'utf8')
	fetch(isTrustedUrl)
    .then(certificate => {
	// check signature
const isValidSignature = verifier.verify(certificate, reg.header.signature, SIGNATURE_FORMAT);
   })
    .catch(err => console.log(err));
}

To wrap up this part:

  1. First, you have to check the trusted URL of your certificate. 

  2. Then, you sign a request body by public key from your certificate.

  3. Finally, you compare the signed body with the signature from headers. 

It is extremely important to know that we get requests from proper devices and it is not the middle attack.

Check the examples

Asama – tracking the movement of your employees

asama

Asama is a micro-location system, which uses smartwatches and Bluetooth beacons to track movement and activity of employees. Beacons transmit a regular signal. According to these signals, the smartwatch define the location of an employee. The smartwatch also analyzes whether the right person is wearing it and if the employee is sleeping or working. 

Asama beacon

asama tracker

The data is then transmitted to the mobile app, which is installed and configured on the employer’s phone. The system is powered by Node.js in IoT, and our professional Node.js developers made sure that it works smoothly and securely.

This way, managers can track their employees in real time, find the person they need at once, and optimize the workspace. Also, at the end of the week the employer receives an extensive report on employee activity. All this helps to boost the company's performance and productivity.

This solution might not suit a business with a small office and flexible hours. Yet, it works perfectly for industrial plants, construction sites, factories, warehouses, shopping centers, supermarkets, hotels, security agencies, restaurants, or stores. It suits any sphere where you as an employer need to know if employees are coming too late or leaving too early, being absent at the working place, not working actively throughout the day, or not following routes and schedules.

asama clients

PREE – finding your belongings 

PREE is a system of BLE beacons and mobile software, which helps people to stop losing their stuff. It is a lifesaver for those who often forget their phone, bag, keys, wallet, or any other valuable belongings elsewhere. The user can see the location of their item in real time and share it with trusted contacts. Once the item is out of range, they will get a notification, and so will their friends or family members. Not to spam others with notifications when they are not needed, for example, when at home, the user can mute them for a certain area.

This Internet of Things IoT system is built with Node.js, Express, and Mongo at backend and Ionic with Cordova at frontend. The combination of these frameworks let us ensure the best user experience.

PREE

Validate your idea

Once you have an idea for an IoT product, start with validating it. You can do it in two ways. One – hire an idea validation team, who will help you test the viability of your product before you invest in development. Two – hire a software design and development team, who will launch an extensive product discovery process. 

Do you have an idea for an IoT project?

If you want to learn more about Node.js development or IoT development services, let me offer you a free consultation. Just leave a message and I will get back to you as soon as possible.