Auth for device provisioning
At the time of provisioning a device you can authorize the API request using a Suite authorization token.
Find details at Create a Suite Auth client on how to create a client and issue a valid token.
With the provisioning request you can also set the device credentials and a thing policy. While the Bosch IoT Hub service requires a globally unique device ID and the Bosch IoT Things service requires a globally unique thing ID, when working with the Device Provisioning API you will need identifiers following the pattern: my.namespace:my-device-name-01. The namespace must be separated by a colon (:) from the rest of the device identifier in order to satisfy all requirements towards a trustful and unique naming.
Identifiers which you can set with a provisioning request are listed below:
The device ID
This is by default identical with the thing ID: e.g. my.namespace:my-device-name-01.
The same ID as for the thing is mandatory, since the package needs the trust between Bosch IoT Hub and Bosch IoT Things notation.
The device authentication ID and credentials
The device authentication ID (authID) is by default similar with the device ID but replaces the colon character with an underscore: e.g. my.namespace_my-device-name-01.
However, you can set any identifier e.g. device serial number.
The type of credentials supported for username/password based authentication are: plain text and base 64 encoded.
The thing ID
This is by default identical with the device ID: e.g. my.namespace:my-device-name-01.
The thing policy
The policy ID is by default identical with the thing ID.
The default policy entry will contain the Suite authentication client ID as an authorized subject.
Thus, for changing the policy this authorization subject will be required.However, you can also set other identifiers e.g. user ID, technical client IDs, etc. from the very beginning, or at a later point in time.
See also Policy examples.