Updated on 2025-07-29 GMT+08:00

Device Self-Registration

Introduction

The device self-registration function enables automatic registration of a device with the IoT platform upon initial connection, eliminating the need for pre-registration on the console. This process is facilitated through certificate authentication, with device information stored in device certificates.

Figure 1 Device self-registration process

Scenarios

  • Device requirements: Some devices cannot be pre-registered on the console or by calling APIs.
  • Internet of Vehicles (IoV): When a head unit is started, it automatically registers with the platform and reports data to the platform, simplifying the development of the vehicle application.
  • Multi-instance scenario: Enterprise customers can utilize the self-registration function to efficiently manage devices across multiple IoTDA instances. This eliminates the need to provision and register devices separately on each instance beforehand.

Constraints

  • Max. self-registration templates for an instance: 10.
  • To use the device self-registration function, the device must use transport layer security (TLS) and enable the Server Name Indication (SNI) extension. The SNI must carry the domain name allocated by the platform. To obtain the domain name, see How Do I Obtain the Platform Access Address?
  • Only available for MQTTS certificate authentication.
  • Not available for standard edition instances in the CN East-Shanghai1 region.

    Devices registered through self-registration are authenticated based on the self-registration template. Modifying or disabling the self-registration template may affect device authentication. Exercise caution.

Procedure

  1. Access the IoTDA service page and click Access Console. Click the target instance card.
  2. Create a product.
  3. In the navigation pane, choose Devices > Self-registration Template. Click Create Template. On the displayed page, enter basic information, and click the button for adding the required parameters to the template.

    Figure 2 Self-registration template - Adding parameters

  4. Select the device name, node ID, device ID, and product ID in the resource configuration area.

    Figure 3 Self-registration template - Creating a template

    The platform predefines the parameters that can be declared and referenced in the template, as shown below. The certificate must contain the parameters referenced in the template.

    • iotda::certificate::country: country
    • iotda::certificate::organization: organization
    • iotda::certificate::organizational_unit: department
    • iotda::certificate::distinguished_name_qualifier: distinguished name
    • iotda::certificate::state_name: province/state
    • iotda::certificate::common_name: common name
    • iotda::certificate::serial_number: serial number

  5. Add a policy in the policy configuration area. The added policy is automatically bound to the device during self-registration. For details, see Device Topic Policies.
  6. In the navigation pane, choose Devices > Device Certificates. Create a device certificate by referring to Registering a Device Authenticated by an X.509 Certificate. Upload the CA certificate to the platform for verification, bind the self-registration template created in 3, and enable the self-registration function.

    Figure 4 Device CA certificate - Binding a template

    The CA certificate and the product associated with the product ID in the template must be in the same resource space.

  7. On the device CA certificate tab page, click Debug, upload the device certificate created in 6, and check whether the pre-parsed device information meets your expectation.

    Figure 5 Device CA certificate - Debugging a certificate

Simulator-based Verification

Use MQTT.fx to simulate a device to access the platform for automatic device registration.

  1. Download MQTT.fx (64-bit OS) or MQTT.fx (32-bit OS) and install it.
  2. Open MQTT.fx, set connection parameters by referring to Table 1, and click Apply.

    Table 1 Connection parameters

    Parameter

    Description

    Broker Address

    Platform access address (see How Do I Obtain the Platform Access Address?)

    Broker Port

    8883

    Client ID

    Any string. Recommended: Set this parameter according to the platform rules in Device Connection Authentication to ensure continued access to the platform via certificate authentication even after the template is disabled.

    User Name

    Any string. Recommended: Set this parameter according to the platform rules in Device Connection Authentication to ensure continued access to the platform via certificate authentication even after the template is disabled.

    Password

    Empty

    Enable SSL/TLS

    True

    Self signed certificates

    True

    CA File

    Platform CA certificate (see Certificates)

    Client Certificate File

    Path of the device certificate file

    Client Key File

    Path of the private key file of the device certificate

    Client Key Password

    Private key password (not necessary if there is no password)

    Figure 6 MQTT.fx Settings
    Figure 7 Connection parameters
    Figure 8 Certificate information

  3. Click Connect. If the icon in the upper right corner turns green, the simulated device has been authenticated and connected.

    Figure 9 Device simulator connected

  4. In the navigation pane of the IoTDA console, choose Devices > All Devices. On the device list tab page, search for the device by device ID or node ID. The device is displayed as registered and online.

    Figure 10 Device - Self-registered device details