HTTPS Authentication

Introduction

In HTTPS-based authentication, a device utilizes the HTTPS-based device authentication API to securely transmit the device ID and secret. The device ID and secret are encrypted using an algorithm. After the authentication is successful, the connection between the device and the platform is established, and the platform returns an access token.

Constraints

• An access token is required when HTTP APIs for property reporting and message reporting are called.
• If an access token expires, you need to authenticate the device again to obtain an access token.
• If you obtain a new access token before the old one expires, the old access token will be valid for 30 seconds before expiration.

Process

Figure 1 HTTPS access authentication process

1. An application calls the API for registering a device. Alternatively, a user uses the IoTDA console to register a device.
2. The platform allocates a globally unique device ID and secret to the device.
   

   The secret can be defined during device registration. If no secret is defined, the platform allocates one.

3. When a device attempts to connect to the platform, the device calls the HTTPS device authentication API to send an access authentication request to the platform. The request carries the device ID and the secret generated using the HMACSHA256 algorithm. The secret is the value obtained after the password allocated by the platform is signed using the timestamp as the key. For details, see Huawei Cloud IoTDA MQTT ClientId Generator.
4. If the authentication is successful, the platform returns a success message, and the device is connected to the platform.