Skip to main content

Connect Devices

This page explains all the concepts relevant to registering Devices to the Spotflow IoT Platform. The following diagram shows the relationships between these concepts:

Device Configuration

The most common way to register a Device is to use a process called Device Provisioning. You create a Provisioning Token in the Platform and embed it in the Device. The Device uses the Provisioning Token to initiate a Provisioning Operation. After you approve the operation, the Device receives its Device ID and Registration Token. A successfully registered Device can establish a secure connection to the Platform at any time.

sounds difficult? it is not!

All registration and communication logic is handled by the Device SDK so that you don't have to implement it manually.

The only 3 actions you need to do: 1. create a Provisioning Token, 2. embedd it in the Device, 3. approve it when the Device tries to connect to the Platform. See how easy it is in Tutorial: Connect New Device.

Device

In the context of the Platform, a Device can be any physical object (autonomous robot, vehicle, electronic gadget, or appliance) as well as a computer program (virtual Device). Secure connection to the Platform and all registration and communication logic is handled by the Device SDK.

Device ID

Within each Workspace, every registered Device must have a unique Device ID. It's a string that is 4-90 characters long and contains only the characters 0-9, a-z, A-Z, -, _, and .. The Device can choose its Device ID, or it can be set by the technician when approving the Provisioning Operation.

Registration Token

To connect to the Platform, the Device needs a Registration Token. Only with the Registration Token, the Device can perform common tasks, such as send Messages to the Platform. Spotflow IoT Platform offers a secure process called Device Provisioning to obtain the token.

Typically, Registration Tokens are valid only for a limited amount time. The best practice is to set the lifetime slightly longer than the time that the Device could be disconnected from the platform due to being turned off or not connected to the Internet. The Device SDK automatically refreshes the valid Registration Token to maintain continuity.

tip

If you find out that a Device was compromised, you can invalidate its access to the Platform by revoking the Registration Token manually. Revoking makes the token invalid even before its expiration time.

Device Provisioning

Device Provisioning is the preferred process used to register a Device into the Platform.

The process is depicted in the schema above:

  1. At first, you must create a Provisioning Token in the Platform and configure it according to the needs of your scenario.
  2. Each Device that wants to register to the Platform must have an embedded Provisioning Token, multiple Devices can share the same token.
  3. After the Device is turned on, it uses the Provisioning Token to initiate a Provisioning Operation.
  4. The Device then displays the operation details to the technician who is responsible for its registration. While the Device is periodically asking the Platform if the operation was approved, the technician finds the operation in the Platform and approves it.
  5. Finally, after the Device completes the operation, it receives its Registration Token.
  6. The Device then uses the Registration Token to register in the Platform.
note

The process follows the current best practices in IoT security. As all registration and communication logic is handled through the Device SDK, it takes away the burden of implementing it from you and contributes to the security of your Devices and data.

Provisioning Token

A Provisioning Token is a short string generated by the Platform for Device authentication. A Device can use it to initialize Device Provisioning. You can use Provisioning Tokens in two ways:

  • Create a single token and embed it into a whole set of Devices. Each Device selects its Device ID when it starts the Provisioning Operation.
  • Create and embed a specific token into each Device. The token already contains the Device ID, so the Device doesn't have to select it.

Provisioning Operation

When a Device starts its provisioning, this attempt is recorded as a new Provisioning Operation. The Device provides a set of information the technician will see when approving the operation. One of the importatnt information is Verification code - a short string displayed by the Device to convince the technician that it's the author of the operation.

Copyright © 2024 Spotflow, s.r.o.