Bosch IoT Device Management

Auth for forwarding device data via connections

The connections from the device connectivity layer to the digital twin layer and from the digital twin layer to the device management layer are managed within the digital twin layer.

The connections are set up automatically as soon as your subscription is successful.

You can read the default settings (or change the settings if needed) via the Connections UI.

Device integration: forwarding device data from the device connectivity layer to the digital twin layer

The pre-configured connection is called "Devices via Bosch IoT Hub".

When your device later sends its data to the device connectivity layer, the data is forwarded to the digital twin layer based on the authorization subject of the connection sources.
By default, the subject within the connection is created automatically, and follows the pattern:
integration:<your-things-solution-id>:hub.
To authorize a change (e.g. setting a new sensor measurement as a feature property value), the thing policy is applied. Note that the authorization subject in the connection sources therefore additionally needs write permission in the thing policy.

For an update (PUT) thing request, write permission on the thing should be sufficient. However, granting both read and write puts you on the safe side in such a scenario, because write does not implicitly include read permission.
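The following check is an added example, not part of the original documentation: it reports which permissions the hub connection subject is missing on a thing resource, showing that a WRITE-only entry leaves READ ungranted. It assumes the usual entries/subjects/resources policy JSON layout with grant and revoke lists; the solution ID `my-solution`, the owner subject and the evaluation (a conservative simplification, not the service's own enforcer) are assumptions.

```python
import json

# Constructed sample policy; "my-solution" and "constructed:owner" are placeholders.
SAMPLE_POLICY = json.loads("""
{"entries": {
  "owner": {
    "subjects": {"constructed:owner": {"type": "owner"}},
    "resources": {"thing:/": {"grant": ["READ", "WRITE"], "revoke": []},
                  "policy:/": {"grant": ["READ", "WRITE"], "revoke": []}}},
  "hub-connection": {
    "subjects": {"integration:my-solution:hub": {"type": "hub connection"}},
    "resources": {"thing:/features": {"grant": ["WRITE"], "revoke": []}}}
}}
""")

HUB_SUBJECT = "integration:my-solution:hub"  # pattern from the page, placeholder ID


def covers(resource, target):
    """True if `resource` is `target` itself or one of its parent paths."""
    r_type, r_path = resource.split(":", 1)
    t_type, t_path = target.split(":", 1)
    if r_type != t_type:
        return False
    r_path = r_path.rstrip("/")
    return t_path == r_path or t_path.startswith(r_path + "/")


def effective_permissions(policy, subject, target):
    """Simplified, conservative evaluation: any covering revoke wins over grants."""
    granted, revoked = set(), set()
    for entry in policy["entries"].values():
        if subject not in entry.get("subjects", {}):
            continue
        for resource, perms in entry.get("resources", {}).items():
            if covers(resource, target):
                granted.update(perms.get("grant", []))
                revoked.update(perms.get("revoke", []))
    return granted - revoked


def missing_permissions(policy, subject, target, needed=("READ", "WRITE")):
    """Permissions from `needed` that `subject` does not hold on `target`."""
    return sorted(set(needed) - effective_permissions(policy, subject, target))
```

Run `missing_permissions` against the policy of each thing the connection must update before onboarding devices; an empty list means the subject holds everything requested.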

Device integration: forwarding device data from the digital twin layer to the device management layer

The pre-configured connection is called "Device Management".

When your device later sends its data, the data is forwarded to the device management layer based on the authorization subject of the connection targets.

By default, the subject within the connection is created automatically, and follows the pattern:
integration:<your-service-instance-id>_things:iot-manager

The Apache Kafka connection is uni-directional: the device management layer can only receive data and cannot send changes back to the digital twin layer.