...
LIPI_HTTP_SCHEME='https'
Possible Values:
http,https
REQUIRE_API_KEY_IN_NOTIFICATIONS='no'
Security and privacy considerations
The LIPI_HTTP_SCHEME should only be set to http for testing purposes, as this means that users' positions will be sent unencrypted between LIPI and the user devices.
The REQUIRE_API_KEY_IN_NOTIFICATIONS variable should be set to “yes” in production, otherwise it is theoretically possible for malicious users to pose as a CMX server and inject position and user data into the LIPI, which could cause service disruptions.