Multiple connections and security

I’m going to be using the electric imp for a lighting controller and sensor device. This will be a commercial product. I have an app that I will use to interface with the device via http requests and do blinkup. It’s necessary to allow connections to the device from multiple mobile devices (not simultaneously), and to provide some security. I was thinking part of this would have to be the httpin URL for the Imp, that users could share to their other devices. How should I approach this?

For a commercial device, the blinkup library will give you the agent https URL as part of blinkup. Your app can then generate a key which it can send securely to the agent, which then stores this in agent persistent storage, and uses to validate any subsequent agent accesses.

For multiple users, you’d then need a server which stored these agent URLs and keys under an end-user login.