Fetch Device Credentials
Use this node to fetch the originator device’s credentials and add them to the message — for example, retrieving the access token or MQTT client ID before forwarding a provisioning payload to an external system that needs to know how the device authenticates. The originator must be a DEVICE; any other entity type results in Failure.
Configuration
Section titled “Configuration”- Fetch credentials to — required. Where to place the fetched credentials:
Message— adds to message data payload. The data must be a JSON object. Complex credentials (MQTT Basic) are added as a JSON object; simple credentials (Access Token, X.509) as strings.Metadata— adds to message metadata. All credentials are serialized as strings; complex credentials are stringified JSON.
Outgoing message fields
Section titled “Outgoing message fields”Two fields are always added:
| Field | Description |
|---|---|
credentialsType | ACCESS_TOKEN, MQTT_BASIC, or X509_CERTIFICATE |
credentials | The credential value (see formatting note above) |
Message processing algorithm
Section titled “Message processing algorithm”- Verify that the message originator is a
DEVICE. If not, route viaFailure. - Asynchronously fetch credentials for the originator device. If not found, route via
Failure. - Prepare
credentialsTypeandcredentialsfields based on destination format:- When adding to Metadata:
credentialsis always a string (stringified JSON for MQTT Basic). - When adding to Data:
credentialsis a JSON object for MQTT Basic; plain string for others.
- When adding to Metadata:
- Add the two fields to message data or metadata.
- Route via
Success.
Output connections
Section titled “Output connections”| Connection | Condition |
|---|---|
Success | Credentials fetched and added. |
Failure | Originator is not a DEVICE, credentials not found, or message data is not JSON when fetchTo is DATA. |
Examples
Section titled “Examples”Example 1 — Access token to metadata
Section titled “Example 1 — Access token to metadata”State: device has Access Token credentials sm001_token_123.
{ "fetchTo": "METADATA" }Outgoing metadata (added): { "credentialsType": "ACCESS_TOKEN", "credentials": "sm001_token_123" }
Example 2 — MQTT Basic credentials to metadata (stringified)
Section titled “Example 2 — MQTT Basic credentials to metadata (stringified)”State: device has MQTT Basic credentials clientId=clientId123, userName=username.
{ "fetchTo": "METADATA" }Outgoing metadata (added): { "credentialsType": "MQTT_BASIC", "credentials": "{\"clientId\":\"clientId123\",\"userName\":\"username\",\"password\":\"password123\"}" }
Example 3 — MQTT Basic credentials to data (JSON object)
Section titled “Example 3 — MQTT Basic credentials to data (JSON object)”State: same MQTT Basic device.
{ "fetchTo": "DATA" }Outgoing data (merged): { ..., "credentialsType": "MQTT_BASIC", "credentials": { "clientId": "clientId123", "userName": "username", "password": "password" } }
Example 4 — X.509 certificate to data
Section titled “Example 4 — X.509 certificate to data”State: device has X.509 credentials (public key string).
{ "fetchTo": "DATA" }Outgoing data (merged): { ..., "credentialsType": "X509_CERTIFICATE", "credentials": "o3Qwq2xq...QDAQAB" }
JSON schema
Section titled “JSON schema”{ "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "TbFetchDeviceCredentialsNodeConfiguration", "type": "object", "required": ["fetchTo"], "additionalProperties": false, "properties": { "fetchTo": { "type": "string", "enum": ["DATA", "METADATA"] } }}