RPC

ThingsBoard supports both server-initiated and device-initiated RPC over CoAP. For a full explanation of the RPC model, see Command & Control.

See Getting Connected for credential types and connection details.

The device subscribes to commands using the CoAP Observe option. When a server-side RPC is triggered (from the Rule Engine, REST API, or a dashboard widget), ThingsBoard pushes it to the observing client.

Access Token (observe for 60 seconds):

coap-client -v 6 -m GET -s 60 "coap://coap.thingsboard.cloud:5683/api/v1/$ACCESS_TOKEN/rpc"

X.509 Certificate:

coap-client-openssl -v 6 -c cert.pem -j key.pem -m GET -s 60 "coaps://coap.thingsboard.cloud/api/v1/rpc"

When a command arrives, the response body contains:

{
  "id": 1,
  "method": "setGpio",
  "params": {"pin": 23, "value": 1}
}

POST coap(s)://coap.thingsboard.cloud:5683/api/v1/$ACCESS_TOKEN/rpc/{id}

Access Token:

coap-client -v 6 -m POST -t "application/json" -e '{"result":"ok"}' "coap://coap.thingsboard.cloud:5683/api/v1/$ACCESS_TOKEN/rpc/1"

X.509 Certificate:

coap-client-openssl -v 6 -c cert.pem -j key.pem -m POST -t "application/json" -e '{"result":"ok"}' "coaps://coap.thingsboard.cloud/api/v1/rpc/1"

Replace 1 with the id value from the received command.

The device initiates an RPC call to the server with a POST request:

Access Token:

coap-client -v 6 -m POST -t "application/json" -e '{"method":"getTime","params":{}}' "coap://coap.thingsboard.cloud:5683/api/v1/$ACCESS_TOKEN/rpc"

X.509 Certificate:

coap-client-openssl -v 6 -c cert.pem -j key.pem -m POST -t "application/json" -e '{"method":"getTime","params":{}}' "coaps://coap.thingsboard.cloud/api/v1/rpc"

The Rule Engine processes the request and the response body contains the result returned by the RPC reply node:

{"time": "2026-01-01T12:00:00Z"}

When the device profile payload type is set to Protobuf, the request and response use fixed schemas. See MQTT RPC for the Protobuf schemas.