Updated on 2024-11-06 GMT+08:00

Overview

IoTDA authenticates a device when the device attempts to access the platform. The authentication process depends on the access method.

Access Type

Authentication Mode

Device using LwM2M over CoAP

You can call the API for creating a device or use the IoTDA console to register a device. When connecting to the platform, a non-security device does not use DTLS/DTLS+ and carries the node ID to get authenticated. A security device uses DTLS/DTLS+ and carries both the secret and the node ID to get authenticated.

Device using MQTT or MQTTS

  • Using secrets:

    You can call the API for creating a device or use the IoTDA console to register a device. Then, you can hardcode the device ID and secret returned by the platform into the device, and preset a CA certificate on the device if it uses MQTTS. When connecting to the platform, the device uses the device ID and secret to get authenticated.

  • Using certificates:

    You can upload a device CA certificate on the IoTDA console, and register the device, either by calling the API for creating a device or using the console. Then, you can hardcode the device ID returned by the platform into the device. When connecting to the platform, the device uses the X.509 certificate to get authenticated.

  • Using custom authentication:

    Before connecting a device to the platform, you can use the application to configure custom authentication information on the console, and then configure custom authentication functions by using FunctionGraph. When the device connects to IoTDA, the platform obtains parameters such as the device ID and custom authentication function name, and sends an authentication request to FunctionGraph. The authentication logic that you implement in the function completes access authentication.

  • Using custom templates:

    You can use a custom authentication template to orchestrate internal functions provided by the platform and flexibly customize the triplet parameters (ClientId, Username, and Password) for MQTT device authentication.
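
The custom authentication mode above leaves the allow/deny decision to a function you write. The following is an added example, not code from IoTDA or FunctionGraph: the event field names, the "<device_id>|<timestamp>" username convention, the key values and the return shape are assumptions for illustration, and the real request and response format is the one defined by the platform. It shows a fail-closed check with a per-device key, a freshness window, and a constant-time comparison.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key; a real function would read it from a secret store.
MASTER_KEY = b"constructed-demo-master-key"
MAX_SKEW_SECONDS = 300  # assumed freshness window to limit credential replay


def device_key(device_id: str) -> bytes:
    """Derive a per-device key so one extracted device key exposes no others."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).digest()


def expected_password(device_id: str, timestamp: str) -> str:
    """Credential the device is expected to present for this timestamp."""
    msg = f"{device_id}|{timestamp}".encode()
    return hmac.new(device_key(device_id), msg, hashlib.sha256).hexdigest()


def authenticate(event: dict, now: Optional[float] = None) -> dict:
    """Return {"allow": bool, "reason": str}; malformed input is always denied."""
    now = time.time() if now is None else now
    # Hypothetical event fields, not the platform's actual schema.
    device_id = event.get("device_id")
    username = event.get("username")
    password = event.get("password")
    if not all(isinstance(v, str) and v for v in (device_id, username, password)):
        return {"allow": False, "reason": "missing field"}
    # Assumed convention: username is "<device_id>|<unix timestamp>".
    name, sep, ts = username.partition("|")
    if not sep or name != device_id:
        return {"allow": False, "reason": "bad username"}
    if not (ts.isascii() and ts.isdigit() and len(ts) <= 12):
        return {"allow": False, "reason": "bad username"}
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return {"allow": False, "reason": "stale timestamp"}
    # Compare as bytes in constant time to avoid leaking match length via timing.
    want = expected_password(device_id, ts).encode()
    if not hmac.compare_digest(want, password.encode()):
        return {"allow": False, "reason": "bad credential"}
    return {"allow": True, "reason": "ok"}
```

Log the `reason` on the function side only; returning it to the connecting device tells a guesser which check failed.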