Create a Custom Authenticator
Function
This API is used by an application to create a custom authenticator on the IoT platform. You can use function services to customize the logic to authenticate devices connected to the platform.
-
A maximum of 10 custom authenticators can be configured for a single instance.
-
This API is supported only by standard and enterprise editions.
Debugging
You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.
URI
POST /v5/iot/{project_id}/device-authorizers
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
project_id |
Yes |
String |
Parameter description: project ID. For details, see Obtaining a Project ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
X-Auth-Token |
No |
String |
Parameter description: user token. You can obtain the token by calling the IAM API Obtaining a User Token Through Password Authentication. In the returned response header, X-Subject-Token is the desired user token. For details about how to obtain the token, see Token Authentication. |
Instance-Id |
No |
String |
Parameter description: instance ID. Unique identifier of each instance in the physical multi-tenant scenario. Mandatory for professional editions and recommended in other cases. Log in to the IoTDA console and choose Overview in the navigation pane to view the instance ID. For details, see Viewing Instance Details. |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
authorizer_name |
Yes |
String |
Parameter description: name of a custom authenticator, which must be unique under a tenant. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
func_urn |
Yes |
String |
Parameter description: function uniform resource name (URN), which uniquely identifies the function. It is the address of the processing function corresponding to the custom authenticator. |
signing_enable |
No |
Boolean |
Parameter description: whether to enable signature authentication (enabled by default). You are advised to enable this function. If this function is enabled, authentication information that does not meet signature requirements will be rejected to reduce invalid function calls, and signing_token and signing_public_key are mandatory. |
signing_token |
No |
String |
Parameter description: key value for signature authentication. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
signing_public_key |
No |
String |
Parameter description: public secret for signature authentication. Used to check whether the signature information carried by the device is correct. |
default_authorizer |
No |
Boolean |
Parameter description: whether the current custom authenticator is the default one. The default value is false. If this parameter is set totrue, the current authenticator policy is used for authentication on all devices that support SNI unless otherwise specified. |
status |
No |
String |
Parameter description: whether to enable the authentication mode.
|
cache_enable |
No |
Boolean |
Parameter description: whether to enable the cache function. The default value is false. If this parameter is set to true and the device input parameters (username, client ID, password, certificate information, and function URN) remain unchanged, the cache result is directly used when the cache result exists. You are advised to set this parameter to false during debugging, set this parameter to true during production to avoid frequent function invoking. |
Response Parameters
Status code: 201
Parameter |
Type |
Description |
---|---|---|
authorizer_id |
String |
Parameter description: custom authenticator ID. |
authorizer_name |
String |
Parameter description: name of a custom authenticator, which must be unique under a tenant. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
func_name |
String |
Parameter description: function name. |
func_urn |
String |
Parameter description: function uniform resource name (URN), which uniquely identifies the function. It is the address of the processing function corresponding to the custom authenticator. |
signing_enable |
Boolean |
Parameter description: whether to enable signature authentication (enabled by default). You are advised to enable this function. If this function is enabled, authentication information that does not meet signature requirements will be rejected to reduce invalid function calls. |
signing_token |
String |
Parameter description: key value for signature authentication. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
signing_public_key |
String |
Parameter description: public secret for signature authentication. Used to check whether the signature information carried by the device is correct. |
default_authorizer |
Boolean |
Parameter description: whether the authentication mode is used by default. The default value is false. |
status |
String |
Parameter description: whether to enable the authentication mode.
|
cache_enable |
Boolean |
Parameter description: whether to enable the cache function. The default value is false. If this parameter is set to true and the device input parameters (username, client ID, password, certificate information, and function URN) remain unchanged, the cache result is directly used when the cache result exists. You are advised to set this parameter to false during debugging, set this parameter to true during production to avoid frequent function invoking. |
create_time |
String |
Time when operations on custom authenticator are performed on the IoT platform. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |
update_time |
String |
Time when the custom authenticator is updated on the IoT platform. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |
Example Requests
Creates a custom authenticator.
POST https://{endpoint}/v5/iot/{project_id}/device-authorizers { "authorizer_name" : "myTest", "func_urn" : "urn:fss:cn-north-5:d92d9c5eb8e347b5bb31ecfe5bc0c4e1:function:default:mqtt_auth:latest", "signing_enable" : true, "signing_token" : "string", "signing_public_key" : "string", "default_authorizer" : false, "status" : "ACTIVE", "cache_enable" : true }
Example Responses
Status code: 201
Created
{ "authorizer_id" : "5c90fa7d3c4e4405e8525079", "authorizer_name" : "myTest", "func_name" : "mqtt_auth", "func_urn" : "urn:fss:cn-north-5:d92d9c5eb8e347b5bb31ecfe5bc0c4e1:function:default:mqtt_auth:latest", "signing_enable" : true, "signing_token" : "string", "signing_public_key" : "string", "default_authorizer" : false, "status" : "ACTIVE", "cache_enable" : false, "create_time" : "20231031T070547Z", "update_time" : "20231031T070547Z" }
Status Codes
Status Code |
Description |
---|---|
201 |
Created |
400 |
Bad Request |
401 |
Unauthorized |
403 |
Forbidden |
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot