Overview
Introduction
In addition to the default authentication mode, you can also use the internal functions provided by the platform to flexibly orchestrate authentication modes for devices connecting to the platform.
Scenarios
- Device migration from third-party IoT platforms to IoTDA: You can configure a custom template to be compatible with the original authentication mode. No modification is required on the device side.
- Native access: Custom templates can support more devices.
Constraints
- The device must use TLS and support SNI (Server Name Indication). The SNI must carry the domain name allocated by the platform.
- Max. templates: five for a user. Only one template can be enabled at a time.
- Max. functions nested: five layers.
- Max. content length: 4,000 characters. Chinese character not allowed.
- When the device uses secret authentication, the template password function must contain the original secret parameter (iotda::device:secret).
- The format of the template authentication parameter username cannot be the same as that of the custom function authentication parameter username. Otherwise, the custom function authentication is used. For example:
{deviceId}|authorizer-name={authorizer-name}|xxx
- As custom authentication templates have higher priority, once you activate a custom authentication template, the platform uses the template instead of the default mode.

Our custom authentication mode enables device access without requiring reconstruction on the device side. It is important to avoid weak or verification-free modes for security. If the security level of your custom template is too low, it may lead to security issues. The platform does not assume any security responsibilities in such cases.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot