The document provides instructions for onboarding devices to the Vitalpointz IoT platform. It describes a two-step process:
1) Device addition - adding device details to allocate resources and generate credentials
2) Device onboarding - making API calls to authenticate, allocate a device, exchange capabilities, and begin sending data.
Key steps involve generating an activation code during device addition, making authentication, allocation, and capability calls using the activation code and credentials, and then sending MQTT or REST messages with the assigned topic. Considerations for hardware identification and call flows are also discussed.
4. Confidential
www.vitalpointz.net
1. Device Addition…
Device Addition is the way to ask the Platform to:
- Allocate a unique Topic for a device
- Generate a Private Key and a Certificate for the device
- Program device-specific rules into the Rules Engine
Upon completion of the Device Addition process, the Platform provides:
- Device Activation Code
1. Device Addition
Once the form is filled in, the platform generates the Device Activation Code.
Note this value. The device needs to be programmed with this code.
Fields on Device Addition Form
Name* : Give a name for the device.
Description & Metadata : Optional.
OS/CPU : Optional.
Number of devices to add* : Enter the number of devices to be added. Max limit 9999 per form. More devices can be added later by repeating the process.
Enrich messages : Metadata object to append to every device message before forwarding to the flow-processing function. Optional.
Message Decoder : Name of the function that is triggered on reception of a device message. Optional.
Group name : Logical grouping to manage devices on the UI. Optional.
Device Topic Whitelisting : The device topic is whitelisted either on completion of the Device Add process or on completion of the essential API calls by the device.
Device configuration : User-defined key-value pair object, which is delivered to the device on completion of the Capability Exchange call (essential calls). Optional.
Device Policy : Defines the policy that is enforced on messages before forwarding to the above-mentioned 'Decoder' function.
2. On-Boarding
Devices are onboarded to the Vitalpointz IoT Platform by:
- Installing the VESPA Agent, or
- Implementing your own Agent
The Platform exposes a few APIs for smooth onboarding of devices.
VESPA is a reference implementation of those REST API calls.
VESPA Agents for multiple devices are publicly available on GitHub:
https://github.com/Judepragash/vitalpointzIOT
2.a. Implement your own Device Agent
Devices need the credentials below to make REST API calls to the platform:
1. User Access Key
2. Device Activation Code
A device can make the REST API calls below while onboarding.
Essential API calls, in sequence:
1. User Authenticate
2. Device Allocate (or) Device Authenticate
3. Device Capability Exchange
Optional Calls
Where to find API URLs?
The target URL for the APIs in the platform can be found by navigating to the Device tab and clicking on the top card.
Expand the 'Device management Services' menu on the slider.
Let us start Implementing
User Auth Call
Note: Save the returned object, as the keys present in this object are required to make subsequent calls.
Request
curl --location --request POST 'https://{{URL}}/user/authenticate' \
  --header 'Content-Type: application/json' \
  --data-raw '{"userkey": "Js8DXxGPHtb7"}'
Response 200 OK
{
  "device_tenant_api_url": "https://dapi-5xxxxxxx.xxxx.vitalpointz.com",
  "device_tenant_mqtt_url": "mqtt-xxxxx.xxxx.vitalpointz.com:10001",
  "dns": "8.8.8.8",
  "token": "eyJhbGciOXXXXXXXXVCJ9.eyJleHBrIjozNjAwLCJpYQQQQQQQQQQQQRRRIIITY1NzQsImp0aSI6IjBiNDk3MjU2LWEXXXXXXXXXXXNTk3MyJ9.gwVybD344PILh8IUCS_LQbRtSc5sC4QiWTiAfxx4KVk"
}
Your own Agent …
Device Allocate Call (very first time)
device_tenant_url : from previous call
device_token : from previous call
hash : device must generate and present a unique value
device_activation_code : platform-generated value resulting from the device add process.
Request
curl --location --request POST '{{device_tenant_url}}/device/allocateAuth' \
  --header 'Authorization: Bearer {{device_token}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{"hash": "jfdskfhhsufhu7ui84i4jrd92u394i2i","device_activation_code":"R2n3p6zL"}'
Response 200 OK
{
  "deviceid": "5e4e35117883dd00323f2be6",
  "devicename": "dd1",
  "authcode": "uHswv2zHhfLRUgBr"
}
Your own Agent …
Device Allocate Call (subsequent time)
device_tenant_url : from user authentication call
Token : from user authentication call
device_authcode : platform generated, from Device Allocate call.
Request
curl --location --request GET '{{device_tenant_url}}/device/auth/{{dev_authcode}}' \
  --header 'Authorization: Bearer {{device_token}}' \
  --header 'Content-Type: application/json'
Response 200 OK
{
  "deviceid": "5e4e35117883dd00323f2be6",
  "devicename": "dd1"
}
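The essential call sequence from the slides above (User Authenticate, then Device Allocate on first boot or Device Authenticate afterwards), as an added example that is not Vitalpointz or VESPA code. The injected transport, the FakePlatform stand-in, the state file and every sample value are constructed assumptions; the Capability Exchange request is left out because its endpoint does not appear on the slides.

```python
import os
import tempfile
from urllib.parse import quote, urlsplit


class OnboardingError(Exception):
    """Raised when an essential onboarding call cannot be completed safely."""


def require_https(url):
    # The user key, activation code and bearer token travel in these requests,
    # so any non-HTTPS URL (including one returned by the platform) is refused.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise OnboardingError("refusing non-HTTPS URL")
    return url.rstrip("/")


def load_authcode(path):
    try:
        with open(path, "r", encoding="ascii") as fh:
            return fh.read().strip() or None
    except FileNotFoundError:
        return None


def save_authcode(path, authcode):
    # Owner-only file: the authcode stands in for the activation code later on.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(authcode)


def onboard(transport, base_url, userkey, activation_code, hardware_id, state_path):
    """Essential calls 1 and 2. transport(method, url, headers, body) -> (status, dict)."""
    status, auth = transport("POST", require_https(base_url) + "/user/authenticate",
                             {"Content-Type": "application/json"}, {"userkey": userkey})
    if status != 200 or "token" not in auth:
        raise OnboardingError("user authenticate failed")
    tenant = require_https(auth.get("device_tenant_api_url", ""))
    headers = {"Authorization": "Bearer " + auth["token"],
               "Content-Type": "application/json"}

    authcode = load_authcode(state_path)
    if authcode is None:
        # Very first time: present the activation code, with the hardware id as hash.
        status, dev = transport("POST", tenant + "/device/allocateAuth", headers,
                                {"hash": hardware_id,
                                 "device_activation_code": activation_code})
        if status != 200 or "authcode" not in dev:
            raise OnboardingError("device allocate failed")
        save_authcode(state_path, dev["authcode"])
    else:
        # Subsequent time: only the stored authcode is sent.
        status, dev = transport("GET", tenant + "/device/auth/" + quote(authcode, safe=""),
                                headers, None)
        if status != 200:
            raise OnboardingError("device auth failed")
    if "deviceid" not in dev:
        raise OnboardingError("response carries no deviceid")
    return {"deviceid": dev["deviceid"], "tenant": tenant, "headers": headers}


class FakePlatform:
    """Constructed offline stand-in; response shapes follow the slides."""

    def __init__(self):
        self.calls = []

    def __call__(self, method, url, headers, body):
        path = urlsplit(url).path
        self.calls.append(path)
        if path == "/user/authenticate":
            return 200, {"device_tenant_api_url": "https://dapi.example.invalid",
                         "token": "constructed-token"}
        if headers.get("Authorization") != "Bearer constructed-token":
            return 401, {}
        if path == "/device/allocateAuth":
            return 200, {"deviceid": "dev-0001", "devicename": "dd1",
                         "authcode": "constructed-authcode"}
        if path == "/device/auth/constructed-authcode":
            return 200, {"deviceid": "dev-0001", "devicename": "dd1"}
        return 404, {}


def demo():
    """Boot twice against the stand-in; return ids, call order and file mode."""
    platform = FakePlatform()
    with tempfile.TemporaryDirectory() as tmp:
        state = os.path.join(tmp, "authcode")
        args = ("https://api.example.invalid", "constructed-userkey",
                "constructed-code", "02:00:00:00:00:01", state)
        first = onboard(platform, *args)
        second = onboard(platform, *args)
        mode = os.stat(state).st_mode & 0o777
    return first["deviceid"], second["deviceid"], platform.calls, mode


if __name__ == "__main__":
    print(demo())
```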
Your own Agent
Notes on Capability Exchange Call
Request
deviceid : provided by the platform in the response to the Device Allocate / Device Auth call.
device_spec : the device programmer is free to send any object as device_spec.
Response
mqtttopic : must be used to send MQTT messages. Only this topic is allowed and whitelisted by the platform.
Other Important Calls
Send message over REST Interface
Notes
topic : must be provided by the platform. Developers are free to extend the topic, keeping the top-level topic intact.
Example: in this case, the topic provided by the platform is 'z/R92lBqDrB'.
Request
curl --location --request POST '{{device_tenant_url}}/device/data' \
  --header 'Authorization: Bearer {{device_token}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{"topic": "z/R92lBqDrB/r_oY3pszG","data": "{\"Temperature\":40,\"Notes\":\"this was taken at home.\"}"}'
Response 200 OK
{
  "status": "success",
  "message": "Device data published."
}
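A device-side check for the topic rule above, plus construction of the request body for the data call, as an added example that is not part of the original slides. It assumes, as the slide's request suggests, that "data" is a string holding JSON text; the function names are hypothetical and the topic and reading are the slide's own sample values.

```python
import json


class TopicError(ValueError):
    """The topic is malformed or outside the platform-assigned topic."""


def extend_topic(assigned, *levels):
    """Append sub-levels to the assigned topic, keeping the top level intact."""
    for level in levels:
        # '/' would smuggle in extra levels; '+' and '#' are MQTT wildcards and
        # are not valid in a topic that is published to.
        if not level or any(ch in level for ch in "/+#\x00"):
            raise TopicError("invalid topic level: %r" % (level,))
    return "/".join((assigned.rstrip("/"),) + levels)


def check_topic(assigned, topic):
    """Accept the assigned topic itself or any topic strictly below it."""
    root = assigned.rstrip("/")
    if any(ch in topic for ch in "+#\x00"):
        raise TopicError("wildcard or NUL in publish topic")
    # Compare on a level boundary: 'z/R92lBqDrBX' shares a string prefix with
    # 'z/R92lBqDrB' but is a different top-level topic.
    if topic != root and not topic.startswith(root + "/"):
        raise TopicError("topic is not under the assigned topic")
    if "" in topic.split("/"):
        raise TopicError("empty topic level")
    return topic


def build_data_body(assigned, topic, reading):
    """Return the JSON text to POST to {{device_tenant_url}}/device/data."""
    check_topic(assigned, topic)
    # The reading is serialised first; the outer dumps() then escapes its
    # quotes, which hand-written nested JSON easily gets wrong.
    inner = json.dumps(reading, separators=(",", ":"))
    return json.dumps({"topic": topic, "data": inner})


def decode_data_body(body):
    """Inverse of build_data_body: return (topic, reading)."""
    outer = json.loads(body)
    return outer["topic"], json.loads(outer["data"])


def demo():
    assigned = "z/R92lBqDrB"                      # topic from the slide
    topic = extend_topic(assigned, "r_oY3pszG")   # extension from the slide
    reading = {"Temperature": 40, "Notes": "this was taken at home."}
    return build_data_body(assigned, topic, reading)


if __name__ == "__main__":
    print(demo())
```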
Device chain of trust – (1)
Download Device Private Key
Notes
device_tenant_url & device_token : result of user authenticate call.
deviceid : result of device allocate / device auth call
Request
curl --location --request GET '{{device_tenant_url}}/cert/client_key/{{deviceid}}' \
  --header 'Authorization: Bearer {{device_token}}'
Response 200 OK
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA58q/PPwKiEQ2KQN6N6Fnv1TPsnHcm5z5bM+Ni2mK9wWlG5
~~~~~snip ~~~~~~
eNaTxuJ3 PDBR/xBFqjp jnMuCjiLrc1tDHQYMkr+QiwYQoL8idevsEmm0UPlCUqjkfKAAtRR
-----END RSA PRIVATE KEY-----
Device chain of trust – (2)
Download unique Device certificate
Notes
device_tenant_url & device_token : result of user authenticate call.
deviceid : result of device allocate / device auth call
Request
curl --location --request GET '{{device_tenant_url}}/cert/client_crt/{{deviceid}}' \
  --header 'Authorization: Bearer {{device_token}}'
Response 200 OK
-----BEGIN CERTIFICATE-----
MIIDVDCCAjwCCQCyOEL6Ax3EXjANBg/PPwKiEQ2KQN6N6Fnv1TPsnHcm5z5bM+
~~~~~snip ~~~~~~
eNaTxuJ3 PDBR/xBFqjp jnMuCjiLrc1tDHQYMkr+QiwYQoL8idevsEmm0UPlCUqjkfKAAtRR
-----END CERTIFICATE-----
Device chain of trust – (3)
Download root certificate
Notes
device_tenant_url & device_token : result of user authenticate call.
deviceid : result of device allocate / device auth call
Request
curl --location --request GET '{{device_tenant_url}}/cert/ca_root/{{deviceid}}' \
  --header 'Authorization: Bearer {{device_token}}'
Response 200 OK
-----BEGIN CERTIFICATE-----
MIIDVDCCAjwCCQCyOEL6Ax3EXjANBg/PPwKiEQ2KQN6N6Fnv1TPsnHcm5z5bM+
~~~~~snip ~~~~~~
eNaTxuJ3 PDBR/xBFqjp jnMuCjiLrc1tDHQYMkr+QiwYQoL8idevsEmm0UPlCUqjkfKAAtRR
-----END CERTIFICATE-----
Device chain of trust – (4)
Download CA chain of certificates (root cert not returned)
Notes
device_tenant_url & device_token : result of user authenticate call.
deviceid : result of device allocate / device auth call
Request
curl --location --request GET '{{device_tenant_url}}/cert/ca_chain/{{deviceid}}' \
  --header 'Authorization: Bearer {{device_token}}'
Response 200 OK
-----BEGIN CERTIFICATE-----
MIIDVDCCAjwCCQCyOEL6Ax3EXjANBg/PPwKiEQ2KQN6N6Fnv1TPsnHcm5z5bM+
~~~~~snip ~~~~~~
eNaTxuJ3 PDBR/xBFqjp jnMuCjiLrc1tDHQYMkr+QiwYQoL8idevsEmm0UPlCUqjkfKAAtRR
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDVDCCAjwCCQCyOEL6Ax3EXjANBg/PPwKiEQ2KQN6N6Fnv1TPsnHcm5z5bM+
~~~~~snip ~~~~~~
eNaTxuJ3 PDBR/xBFqjp jnMuCjiLrc1tDHQYMkr+QiwYQoL8idevsEmm0UPlCUqjkfKAAtRR
-----END CERTIFICATE-----
Device chain of trust – (5)
Download Full Chain of certificates
Notes
device_tenant_url & device_token : result of user authenticate call.
deviceid : result of device allocate / device auth call
Request
curl --location --request GET '{{device_tenant_url}}/cert/ca_full/{{deviceid}}' \
  --header 'Authorization: Bearer {{device_token}}'
Response 200 OK
-----BEGIN CERTIFICATE-----
MIIDVDCCAjwCCQCyOEL6Ax3EXjANBg/PPwKiEQ2KQN6N6Fnv1TPsnHcm5z5bM+
~~~~~snip ~~~~~~
eNaTxuJ3 PDBR/xBFqjp jnMuCjiLrc1tDHQYMkr+QiwYQoL8idevsEmm0UPlCUqjkfKAAtRR
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDVDCCAjwCCQCyOEL6Ax3EXjANBg/PPwKiEQ2KQN6N6Fnv1TPsnHcm5z5bM+
~~~~~snip ~~~~~~
eNaTxuJ3 PDBR/xBFqjp jnMuCjiLrc1tDHQYMkr+QiwYQoL8idevsEmm0UPlCUqjkfKAAtRR
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDVDCCAjwCCQCyOEL6Ax3EXjANBg/PPwKiEQ2KQN6N6Fnv1TPsnHcm5z5bM+
~~~~~snip ~~~~~~
eNaTxuJ3 PDBR/xBFqjp jnMuCjiLrc1tDHQYMkr+QiwYQoL8idevsEmm0UPlCUqjkfKAAtRR
-----END CERTIFICATE-----
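Handling the responses of the five chain-of-trust downloads on the device, as an added example that is not part of the original slides: each PEM response is checked for complete BEGIN/END framing before it is written, and the private key is created owner-only. The file names and sample PEM bodies are constructed; the check covers framing and base64 only, not X.509 signature validation.

```python
import base64
import os
import re
import tempfile

# A complete block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def split_pem(text):
    """Return [(label, payload_bytes)]; raise ValueError on anything malformed."""
    blocks, pos = [], 0
    for match in PEM_BLOCK.finditer(text):
        if text[pos:match.start()].strip():
            raise ValueError("unexpected data outside PEM blocks")
        # validate=True rejects non-base64 characters (binascii.Error is a
        # ValueError), e.g. the dashes of a truncated END line.
        payload = base64.b64decode("".join(match.group(2).split()), validate=True)
        if not payload:
            raise ValueError("empty PEM block")
        blocks.append((match.group(1), payload))
        pos = match.end()
    if not blocks or text[pos:].strip():
        raise ValueError("truncated or malformed PEM data")
    return blocks


def store_credentials(directory, key_pem, cert_pem, chain_pem):
    """Validate the three downloads, write them, return the chain length."""
    key, cert, chain = split_pem(key_pem), split_pem(cert_pem), split_pem(chain_pem)
    if len(key) != 1 or not key[0][0].endswith("PRIVATE KEY"):
        raise ValueError("expected exactly one private key")
    if len(cert) != 1 or any(label != "CERTIFICATE" for label, _ in cert + chain):
        raise ValueError("expected certificates only")
    files = (("client.key", key_pem, 0o600),      # owner read/write only
             ("client.crt", cert_pem, 0o644),
             ("ca_chain.pem", chain_pem, 0o644))
    for name, text, mode in files:
        # O_EXCL: never write through a file or link that already exists.
        fd = os.open(os.path.join(directory, name),
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "w", encoding="ascii") as fh:
            fh.write(text)
    return len(chain)


def constructed_pem(label, raw):
    """Build a sample PEM block from constructed bytes (not a real key or cert)."""
    body = base64.encodebytes(raw).decode("ascii").strip()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)


def demo():
    key = constructed_pem("RSA PRIVATE KEY", b"constructed key bytes, not a real key")
    cert = constructed_pem("CERTIFICATE", b"constructed device certificate")
    chain = (constructed_pem("CERTIFICATE", b"constructed intermediate ca")
             + constructed_pem("CERTIFICATE", b"constructed issuing ca"))
    with tempfile.TemporaryDirectory() as tmp:
        count = store_credentials(tmp, key, cert, chain)
        key_mode = os.stat(os.path.join(tmp, "client.key")).st_mode & 0o777
    return count, key_mode


if __name__ == "__main__":
    print(demo())
```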
Call flow considerations – (1)
If the device has a unique hardware ID such as a MAC ID, use the Device Allocate Auth call with hash being the hardware ID.
The flow is shown in the pic.