I have developed an electronic device that connects to the AWS IoT Core service through the MQTT protocol. Now I can connect, publish and subscribe to topics. The device has some inputs (i.e. buttons) and outputs (i.e. relays).
Now I want to develop a mobile or web application to let an authorized user read inputs status and read/write outputs. More than one user could be authorized to control a single device.
What is not clear to me (but I have no knowledge of backend technologies) is how to manage users, i.e. the mobile/web app.
One strategy is to create a new Thing for each User, with its own certificate. The web/mobile app uses the MQTT protocol, as the electronic device does. Topics can be used as a chat channel: the user asks for the inputs status and the device answers with the updated status.
Another strategy could be to create an HTTP API (maybe with AWS Gateway API) that web/mobile apps use. The API is programmed to publish and subscribe to topics. The user should have IAM access.
I know I could use Device Shadow, but I don't think it's a good solution in my use case. The status of inputs can change frequently (maybe 1000 times a day), but the user wants to retrieve the status through the mobile/web app only sometimes (once a day or less frequently). It seems useless to send so many messages to keep the shadow updated.
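For the first strategy (one MQTT identity per user), the authorization question comes down to what each user's AWS IoT policy allows. The sketch below is an added example, not part of the original post: it builds a least-privilege policy document per user from a device-to-access-level mapping. The topic layout, region, account id, client id and device names are assumptions made for illustration.

```python
import json

# Assumed topic layout (hypothetical, not from the post):
#   devices/<id>/get     app -> device: ask for current input/output status
#   devices/<id>/status  device -> app: reply with the status
#   devices/<id>/set     app -> device: change an output
REGION, ACCOUNT = "eu-west-1", "123456789012"  # constructed placeholders


def arn(kind, name):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/{name}"


def safe(name):
    # Reject MQTT (+ #) and policy (* ?) wildcards and topic separators,
    # so an identifier can never widen the grant beyond one device.
    if not name or any(c in name for c in "/+#*?"):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name


def user_policy(client_id, grants):
    """grants maps device id -> "read" or "write" for one app user."""
    publish, subscribe, receive = [], [], []
    for device, level in sorted(grants.items()):
        if level not in ("read", "write"):
            raise ValueError(f"unknown access level: {level!r}")
        base = f"devices/{safe(device)}"
        publish.append(arn("topic", f"{base}/get"))
        if level == "write":  # only writers may drive the relays
            publish.append(arn("topic", f"{base}/set"))
        subscribe.append(arn("topicfilter", f"{base}/status"))
        receive.append(arn("topic", f"{base}/status"))
    statements = [{"Effect": "Allow", "Action": "iot:Connect",
                   "Resource": [arn("client", safe(client_id))]}]
    for action, res in (("iot:Publish", publish), ("iot:Subscribe", subscribe),
                        ("iot:Receive", receive)):
        if res:
            statements.append({"Effect": "Allow", "Action": action, "Resource": res})
    return {"Version": "2012-10-17", "Statement": statements}


def resources_for(policy, action):
    return [r for s in policy["Statement"] if s["Action"] == action
            for r in s["Resource"]]


if __name__ == "__main__":
    print(json.dumps(user_policy("app-alice", {"board-1": "write", "board-2": "read"}), indent=2))
```

Several users can be granted the same device by generating one policy per user; revoking a user then means detaching that user's policy without touching the device's own certificate.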