Bosch IoT Device Management

Auth for device provisioning

images/confluence/download/attachments/1634790194/auth-provisioning.png

At the time of provisioning a device you can authorize the API request using a Suite authorization token.

Find details at https://accounts.bosch-iot-suite.com/oauth2-clients on how to create a client and issue a valid token.

images/confluence/download/attachments/1634790194/authclient-per-subscription.png

With the provisioning request you can also set the device credentials and a thing policy.
While the device connectivity layer (Bosch IoT Hub) requires a globally unique device ID and the digital twin layer (Bosch IoT Things) requires a globally unique thing ID, when working with the Device Provisioning API you will need identifiers following the pattern: my.namespace:my-device-name-01.
The namespace must be separated by a colon (:) from the rest of the device identifier in order to satisfy all requirements towards a trustful and unique naming.

Identifiers which you can set with a provisioning request are listed below:

  • The device ID

    • This is by default identical with the thing ID: e.g. my.namespace:my-device-name-01.

    • The same ID as for the thing is mandatory, since the system needs the trust between Bosch IoT Hub and Bosch IoT Things notation.

  • The device authentication ID and credentials

    • The device authentication ID (authID) is by default similar with the device ID but replaces the colon character with an underscore: e.g. my.namespace_my-device-name-01.

    • However, you can set any identifier e.g. device serial number.

    • The type of credentials supported for username/password based authentication are: plain text and base 64 encoded.
      Further the Hub supports certificates, see Device authentication.

  • The thing ID

    • This is by default identical with the device ID: e.g. my.namespace:my-device-name-01.

  • The thing policy

    • The policy ID is by default identical with the thing ID.

    • The default policy entry will contain the Suite authentication client ID as an authorized subject.
      Thus, for changing the policy this authorization subject will be required.

    • However, you can also set other identifiers e.g. user ID, technical client IDs, etc. from the very beginning, or at a later point in time.