Stand with Ukraine flag
Try it now Pricing
Professional Edition
Community Edition Professional Edition Cloud Edge PE Edge IoT Gateway License Server Trendz Analytics Mobile Application PE Mobile Application MQTT Broker
Documentation > Security > CoAP Transport > Access Token based authentication
Getting Started
Devices Library Guides Installation Architecture API FAQ
On this page

Access Token based authentication for CoAP over DTLS

Access Token Based Authentication is the default device authentication type. Once the device is created in ThingsBoard, the default access token is generated. It can be changed afterwards. In order to connect the device to a server using Access Token based authentication, the client must specify the access token as part of CoAP request URL. See CoAP API for more details.

CoAP AccessToken based authentication over DTLS is a standard authentication mode, where your client device verifies the identity of a server using server certificate. In order to run CoAP AccessToken based authentication over DTLS, the server certificate chain should be signed by authorized CA or client must import the self-signed server certificate (.cer or .pem) to its trust store. Otherwise, a connection will fail with the ‘Unknown CA’ error.

The coap-client example below demonstrates how to connect to ThingsBoard Cloud or to any other ThingsBoard CoAP server that has valid and trusted certificate.

Connect DTLS CoAP Client using access token

Install the CoAP client with DTLS support on Linux by following the next steps:

  • step 1: clone libcoap git repo:
git clone --recursive --depth 1
  • step 2: navigate into libcoap directory:
cd libcoap
  • step 3: execute next commands and then run ./ script:
sudo apt-get update
sudo apt-get install autoconf libtool libssl-dev
  • step 4: run ./configure script with next options:
./configure --with-openssl --disable-doxygen --disable-manpages --disable-shared
  • step 5: execute next command:
  • step 6: execute next command:
sudo make install

Finally, run the example script below to validate DTLS with access token (replace YOUR_ACCESS_TOKEN with your access token) auth:

publish time-series data:

coap-client-openssl -v 9 -m POST -t "application/json" -e '{"temperature":42}' coaps://

subscribe for shared attributes updates:

coap-client-openssl -v 9 -B 3600 -s 3600 coaps://


  • -B 3600 - Break operation after waiting given seconds;
  • -s 3600 - Subscribe to / Observe resource for given duration in seconds.

Don’t forget to replace with the host of your ThingsBoard instance and YOUR_ACCESS_TOKEN with the access token of your device.