Authentication Method

Overview

The Authentication Method defines how an End Customer proves ownership when claiming a Device. Several options are available, trading off security against user friction.


📘

The Authentication Method governs how the End Customer proves Device ownership during claiming. It is not the same as how the Device authenticates with the server (which is always done with the id and access_key returned by registration).


Authentication Methods

When you create a new Device Model in the Partner Portal, you select the Authentication Method. The Device firmware then implements the matching registration flow.

The options:

  1. MAC & Serial Number — uses the Device's MAC address plus serial number.
  2. Cloud ID (recommended) — uses a globally unique string per Device. See Generating a Cloud ID.
  3. Public Keycoming soon.
  4. X.509 Certificatecoming soon.

Every registration request must include the fields required by the chosen Authentication Method. Examples below.

Mac & Serial number

{
    "hardware_key": "",
    "mac": "",
    "sn": "",
    "firmware_version": "",
}

Cloud ID

{
    "hardware_key": "",
    "cloud_id": "",
    "sn": "",
    "firmware_version": "",
}

The server response includes the Device's id and access_key. Every subsequent API call from the registered Device must put the access_key in the HTTP Authorization header and the id in the URL deviceId parameter:

curl --location --request POST 'https://hub.xyte.io/v1/devices/{device_id}/telemetry' \
--header 'Content-Type: application/json' \
--header 'Authorization: xxx-xx...' \