Getting Connected
ThingsBoard exposes an HTTP/HTTPS API for devices to publish telemetry, sync attributes, and exchange RPC commands. Any HTTP client — curl, an SDK library, or a language’s built-in HTTP stack — can connect without a specialized broker library.
Connection Parameters
Section titled “Connection Parameters”| Parameter | Value |
|---|---|
| Host | Your ThingsBoard hostname or IP |
| Port | 80 (HTTP) · 443 (HTTPS) |
| Protocol | HTTP/1.1 |
| Authentication | Access token in the URL path |
Authentication
Section titled “Authentication”HTTP uses access token credentials. Include the token as a path segment in every request URL:
http(s)://THINGSBOARD_HOST/api/v1/$ACCESS_TOKEN/{resource}Copy the access token from Entities → Devices → [device] → Copy Access Token. See Devices for how to manage device credentials.
Where {resource} defines the endpoint type for your request. The available resources are:
- telemetry — for sending telemetry data;
- attributes — for publishing or requesting client/shared attributes;
- rpc — for sending or replying to RPC commands;
- claiming — for initiating the device claiming process.
HTTPS (TLS)
Section titled “HTTPS (TLS)”Most deployments terminate TLS at a load balancer or reverse proxy (HAProxy, nginx, AWS ALB). The platform receives plain HTTP traffic internally.
To enable HTTPS directly on the ThingsBoard server, set these environment variables:
SSL_ENABLED=trueSSL_CREDENTIALS_TYPE=PEMSSL_PEM_CERT=server.pemSSL_PEM_KEY=server_key.pemSSL_PEM_KEY_PASSWORD=secret| Variable | Description |
|---|---|
SSL_ENABLED | Enables or disables SSL support. Set to true to activate HTTPS. |
SSL_CREDENTIALS_TYPE | Credential format: PEM for certificate files, or KEYSTORE for a Java keystore. |
SSL_PEM_CERT | Path to the server certificate file. The file may also include the private key. |
SSL_PEM_KEY | Path to the private key file. Optional if the private key is already included in the certificate file. |
SSL_PEM_KEY_PASSWORD | Password for an encrypted private key. Optional if the key is not password-protected. |
When connecting over HTTPS with a CA-signed certificate, clients need no special configuration — just use https:// as the URL scheme. For self-signed certificates, pass --cacert ca.pem to curl.
Response Codes
Section titled “Response Codes”| Code | Meaning |
|---|---|
200 OK | Client’s request has been successfully |
400 Bad Request | Invalid URL, request parameters, or body |
401 Unauthorized | Invalid or missing access token |
404 Not Found | Requested resource does not exist |
405 Method Not Allowed | URL doesn’t support this request method |
Command-Line Tool
Section titled “Command-Line Tool”Examples throughout this section use curl, which is available by default on Linux, macOS, and Windows 10+. Verify with curl --version.