Cloud
ThingsBoard Documentation
Cloud Professional Edition Community Edition IoT Gateway License Server Trendz Analytics
Try it now Pricing
Documentation > Security > Device authentication options
Getting Started
Guides API FAQ

Device authentication options

Device credentials are used in order to connect to the ThingsBoard server by applications that are running on the device. ThingsBoard is designed to support different device credentials. There are two supported credentials types at the moment:

  • Access Tokens - general purpose credentials that are suitable for wide range of devices. Access Token based authentication may be used in not encrypted or one-way SSL mode.
    • Advantages: supported by resource constrained devices. Low network overhead. Easy to provision and use.
    • Disadvantages: may be easily intercepted while using un-encrypted network connection (HTTP instead of HTTPS, MQTT without TLS/SSL, etc).
  • Basic MQTT Credentials - Similar to first option, but work based on MQTT Client Id, username and password. May be used in not encrypted or one-way SSL mode.
    • Advantages: supported by resource constrained devices. Low network overhead. Easy to provision and use.
    • Disadvantages: may be easily intercepted while using un-encrypted network connection (MQTT without TLS/SSL).
  • X.509 Certificates - PKI and TLS standard. X.509 Certificate based authentication is used in two-way SSL mode.
    • Advantages: high level of security using the encrypted network connection and public key infrastructure.
    • Disadvantages: not supported by some resource constrained devices. Affects battery and CPU usage.

Device credentials need to be provisioned to corresponding device entity on the server. There are multiple ways to do this:

  • Automatically, using ThingsBoard REST API. For example during manufacturing, QA or purchase order fulfilment.
  • Manually, using ThingsBoard Web UI. For example for development purposes, or by system administrator.