Updated on 2024-11-06 GMT+08:00

Create a Custom Authenticator

Function

This API is used by an application to create a custom authenticator on the IoT platform. You can use function services to customize the logic to authenticate devices connected to the platform.

  • A maximum of 10 custom authenticators can be configured for a single instance.

  • This API is supported only by standard and enterprise editions.

Debugging

You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer.

URI

POST /v5/iot/{project_id}/device-authorizers

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Parameter description: project ID. For details about how to obtain the project ID, see Obtaining a Project ID. |

Request Parameters

Table 2 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | No | String | Parameter description: user token. Obtain the token by calling the IAM API for obtaining a user token through password authentication. In the returned response header, X-Subject-Token is the desired user token. For details about how to obtain the token, see Token Authentication. |
| Instance-Id | No | String | Parameter description: instance ID. Unique identifier of each instance in the physical multi-tenant scenario. Mandatory for professional editions and recommended in other cases. Log in to the IoTDA console and choose Overview in the navigation pane to view the instance ID. For details, see Viewing Instance Details. |

Table 3 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| authorizer_name | Yes | String | Parameter description: name of a custom authenticator, which must be unique under a tenant. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
| func_urn | Yes | String | Parameter description: function uniform resource name (URN), which uniquely identifies the function. It is the address of the processing function corresponding to the custom authenticator. |
| signing_enable | No | Boolean | Parameter description: whether to enable signature authentication (enabled by default). You are advised to enable this function. If this function is enabled, authentication information that does not meet signature requirements will be rejected to reduce invalid function calls, and signing_token and signing_public_key are mandatory. Default: true |
| signing_token | No | String | Parameter description: key value for signature authentication. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
| signing_public_key | No | String | Parameter description: public key for signature authentication. Used to check whether the signature information carried by the device is correct. |
| default_authorizer | No | Boolean | Parameter description: whether the current custom authenticator is the default one. The default value is false. If this parameter is set to true, the current authenticator policy is used for authentication on all devices that support SNI unless otherwise specified. Default: false |
| status | No | String | Parameter description: whether to enable the authentication mode. ACTIVE: The authentication is enabled. INACTIVE: The authentication is disabled. Default: INACTIVE |
| cache_enable | No | Boolean | Parameter description: whether to enable the cache function. The default value is false. If this parameter is set to true and the device input parameters (username, client ID, password, certificate information, and function URN) remain unchanged, the cached result is used directly when one exists. You are advised to set this parameter to false during debugging and to true in production to avoid frequent function invocation. Default: false |

Response Parameters

Status code: 201

Table 4 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| authorizer_id | String | Parameter description: custom authenticator ID. |
| authorizer_name | String | Parameter description: name of a custom authenticator, which must be unique under a tenant. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
| func_name | String | Parameter description: function name. Minimum: 0. Maximum: 65535. |
| func_urn | String | Parameter description: function uniform resource name (URN), which uniquely identifies the function. It is the address of the processing function corresponding to the custom authenticator. Minimum: 0. Maximum: 65535. |
| signing_enable | Boolean | Parameter description: whether to enable signature authentication (enabled by default). You are advised to enable this function. If this function is enabled, authentication information that does not meet signature requirements will be rejected to reduce invalid function calls. Default: true |
| signing_token | String | Parameter description: key value for signature authentication. Value: The value can contain a maximum of 128 characters. Only letters, digits, underscores (_), and hyphens (-) are allowed. |
| signing_public_key | String | Parameter description: public key for signature authentication. Used to check whether the signature information carried by the device is correct. Minimum: 0. Maximum: 65535. |
| default_authorizer | Boolean | Parameter description: whether the authentication mode is used by default. The default value is false. Default: false |
| status | String | Parameter description: whether to enable the authentication mode. ACTIVE: The authentication is enabled. INACTIVE: The authentication is disabled. Default: INACTIVE |
| cache_enable | Boolean | Parameter description: whether to enable the cache function. The default value is false. If this parameter is set to true and the device input parameters (username, client ID, password, certificate information, and function URN) remain unchanged, the cached result is used directly when one exists. You are advised to set this parameter to false during debugging and to true in production to avoid frequent function invocation. Default: false |
| create_time | String | Time when operations on the custom authenticator are performed on the IoT platform. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |
| update_time | String | Time when the custom authenticator is updated on the IoT platform. The value is in the format of yyyyMMdd'T'HHmmss'Z', for example, 20151212T121212Z. |

Example Requests

Creates a custom authenticator.

POST https://{endpoint}/v5/iot/{project_id}/device-authorizers

{
  "authorizer_name" : "myTest",
  "func_urn" : "urn:fss:cn-north-5:d92d9c5eb8e347b5bb31ecfe5bc0c4e1:function:default:mqtt_auth:latest",
  "signing_enable" : true,
  "signing_token" : "string",
  "signing_public_key" : "string",
  "default_authorizer" : false,
  "status" : "ACTIVE",
  "cache_enable" : true
}
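
As an added example (not part of the platform documentation or its SDK), this Python pre-flight check applies the request body constraints listed above to a body before it is sent, and flags the settings that widen or weaken authentication. The helper name `check_authorizer_body` and the minimum field length of 1 are assumptions.

```python
import re

# Character set and length limit from the request body parameter table.
# A minimum length of 1 is an assumption; the page only states the maximum.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")
STATUSES = {"ACTIVE", "INACTIVE"}

# Request body from the page's example request.
PAGE_EXAMPLE = {
    "authorizer_name": "myTest",
    "func_urn": "urn:fss:cn-north-5:d92d9c5eb8e347b5bb31ecfe5bc0c4e1:function:default:mqtt_auth:latest",
    "signing_enable": True,
    "signing_token": "string",
    "signing_public_key": "string",
    "default_authorizer": False,
    "status": "ACTIVE",
    "cache_enable": True,
}


def _is_token(value):
    return isinstance(value, str) and TOKEN_RE.fullmatch(value) is not None


def check_authorizer_body(body):
    """Hypothetical helper: return (errors, warnings) for a create request body."""
    errors, warnings = [], []
    if not _is_token(body.get("authorizer_name")):
        errors.append("authorizer_name: mandatory, max 128 of letters, digits, _ and -")
    if not isinstance(body.get("func_urn"), str) or not body["func_urn"]:
        errors.append("func_urn: mandatory string")
    # signing_enable defaults to true, so omitting it still requires both signing fields.
    if body.get("signing_enable", True):
        if not _is_token(body.get("signing_token")):
            errors.append("signing_token: mandatory when signing is enabled, max 128")
        if not isinstance(body.get("signing_public_key"), str) or not body["signing_public_key"]:
            errors.append("signing_public_key: mandatory when signing is enabled")
    else:
        warnings.append("signing_enable=false: no signature check before the function is called")
    if body.get("status", "INACTIVE") not in STATUSES:
        errors.append("status: must be ACTIVE or INACTIVE")
    if body.get("default_authorizer", False):
        warnings.append("default_authorizer=true: used for all SNI devices unless otherwise specified")
    if body.get("cache_enable", False):
        warnings.append("cache_enable=true: cached result reused while device inputs are unchanged")
    return errors, warnings
```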

Example Responses

Status code: 201

Created

{
  "authorizer_id" : "5c90fa7d3c4e4405e8525079",
  "authorizer_name" : "myTest",
  "func_name" : "mqtt_auth",
  "func_urn" : "urn:fss:cn-north-5:d92d9c5eb8e347b5bb31ecfe5bc0c4e1:function:default:mqtt_auth:latest",
  "signing_enable" : true,
  "signing_token" : "string",
  "signing_public_key" : "string",
  "default_authorizer" : false,
  "status" : "ACTIVE",
  "cache_enable" : false,
  "create_time" : "20231031T070547Z",
  "update_time" : "20231031T070547Z"
}

Status Codes

| Status Code | Description |
|---|---|
| 201 | Created |
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 500 | Internal Server Error |

Error Codes

See Error Codes.