Device Authorization
How to use ingest keys to authorize your device to send data to Spotflow.
Devices must be properly authorized to send telemetry data to Spotflow. This guide explains how to use ingest keys for secure device authentication and authorization.
What are Ingest Keys?
When a device connects to Spotflow, it must present its device id and a valid ingest key.
If the key is valid, the device is authorized to send telemetry data.
Ingest keys contain sf_ikv1_ as a prefix for easy identification, they may look like this:
sf_ikv1_abcd1234567890abcdef1234567890abcdef1234567890abcdefIngest keys are sensitive credentials. Treat them like passwords and never expose them in public repositories, logs, or unsecured locations.
If an ingest key is compromised, it can allow foreign devices to send data to your Spotflow workspace.
How to Manage Ingest Keys
Depending on your security requirements and operational needs, you can use a single key for multiple devices or assign unique keys to each device.
Single Key for Multiple Devices
Use Case: Development environments, small device fleets, or when operational simplicity is prioritized.
Benefits: Simplified key management and easier deployment.
Considerations: If compromised, affects all devices using the key.
Unique Key per Device
Use Case: Production environments, high-security applications, or when fine-grained access control is required.
Benefits: Enhanced security isolation and granular access revocation.
Considerations: Requires secure key provisioning process.
Hybrid Approach
You might also use a hybrid approach where you group devices by environment, product line, or security zone (e.g., development, staging, production).
Key revocation
If you need to revoke an ingest key, you can do so from the Spotflow web app. This will immediately prevent any device using that key from sending data, and it will disconnect any existing connections using that key.
Learn more
How is this guide?