Bosch IoT Asset Communication

Auth for device provisioning


At the time of provisioning a device you can authorize the API request using a Suite authorization token.

See Create a Suite Auth client for details on how to create a client and issue a valid token.

With the provisioning request you can also set the device credentials and a thing policy. While the Bosch IoT Hub service requires a globally unique device ID and the Bosch IoT Things service requires a globally unique thing ID, the Device Provisioning API requires identifiers that follow the pattern my.namespace:my-device-name-01. The namespace must be separated from the rest of the device identifier by a colon (:) in order to satisfy all requirements for trustworthy and unique naming.

The identifiers that you can set with a provisioning request are listed below:

  • The device ID

    • By default, this is identical to the thing ID, e.g. my.namespace:my-device-name-01.

    • Using the same ID as for the thing is mandatory, because the package relies on this notation for the trust between Bosch IoT Hub and Bosch IoT Things.

  • The device authentication ID and credentials

    • By default, the device authentication ID (authID) is similar to the device ID, but with the colon character replaced by an underscore, e.g. my.namespace_my-device-name-01.

    • However, you can set any identifier, e.g. the device serial number.

    • The types of credentials supported for username/password-based authentication are plain text and Base64 encoded.
      See the Bosch IoT Hub documentation for details.

  • The thing ID

    • By default, this is identical to the device ID, e.g. my.namespace:my-device-name-01.

  • The thing policy

    • By default, the policy ID is identical to the thing ID.

    • The default policy entry will contain the Suite authentication client ID as an authorized subject.
      Thus, this authorization subject is required for changing the policy.

    • However, you can also set other identifiers (e.g. user ID, technical client IDs, etc.) from the very beginning, or at a later point in time.
      See also Policy examples.
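
The default derivations listed above, as an added example that is not part of the original documentation or of any Bosch SDK: it derives the thing ID, policy ID and authID from each planned device ID and flags distinct device IDs that would end up with the same default authID, in which case an explicit authID (e.g. the serial number) can be set instead. The shape check, the dictionary keys and the sample IDs are assumptions made for this sketch, including that underscores are allowed inside namespaces and names.

```python
import re

# Assumption: simplified shape check for "namespace:name". The services' own
# validation rules are authoritative and may be stricter.
ID_RE = re.compile(r"^[A-Za-z]\w*(?:\.[A-Za-z]\w*)*:[^:/\s]+$")


def default_identifiers(device_id):
    """Derive the defaults described above from one namespaced device ID."""
    if not ID_RE.match(device_id):
        raise ValueError(f"expected namespace:name, got {device_id!r}")
    return {  # hypothetical dict keys, not the API's request field names
        "device_id": device_id,
        "thing_id": device_id,    # identical to the device ID
        "policy_id": device_id,   # identical to the thing ID
        "auth_id": device_id.replace(":", "_"),  # colon -> underscore
    }


def audit_batch(device_ids):
    """Return (plans, rejected, collisions) for a batch of planned IDs.

    collisions maps a default authID to the distinct device IDs sharing it.
    """
    plans, rejected, by_auth = [], [], {}
    for device_id in device_ids:
        try:
            plan = default_identifiers(device_id)
        except ValueError:
            rejected.append(device_id)
            continue
        plans.append(plan)
        by_auth.setdefault(plan["auth_id"], set()).add(device_id)
    collisions = {a: sorted(ids) for a, ids in by_auth.items() if len(ids) > 1}
    return plans, rejected, collisions


# Constructed sample input, not taken from a real subscription.
SAMPLE = [
    "my.namespace:my-device-name-01",
    "my.namespace:line_a",   # underscore in the device name
    "my.namespace_line:a",   # different device, same default authID
    "my-device-name-02",     # no namespace, fails the shape check
]

if __name__ == "__main__":
    plans, rejected, collisions = audit_batch(SAMPLE)
    print("rejected:", rejected)
    print("authID collisions:", collisions)
```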