
Security authentication

OneNET supports both general and secure authentication methods. The following table compares them:

| | general | secure (recommend) |
|:-|:-|:-|
| core secret key | Apikey | AccessKey |
| core secret key update | not support | support (coming soon) |
| authentication parameters | apiKey | token consisting of multiple parameter groups |
| transmission content | apiKey (direct transmit secret key) | token, not containing a key |
| access time control | not support | support |
| custom permission | not support | support (coming soon) |
| device resource occupancy | lower | higher |
| security | lower | higher |

This section focuses on the secure authentication method.

Security authentication

Security authentication applies to the full API, message queue (MQ) connections, and MQTTS device access. Its core authentication parameter is the token, which is composed of the following parameters:

| name | type | required | parameter description | example |
|:-|:-|:-|:-|:-|
| version | string | yes | parameter group version number, date format, currently only support "2018-10-31" | 2018-10-31 |
| res | string | yes | access resource<br>Format is: parent resource class/parent resource ID/sub resource class/sub resource ID<br>the following formats are supported in the current version:<br>products/$PROD_ID<br>products/$PROD_ID/devices/$DEV_ID | products/123123<br>products/123123/devices/78329710 |
| et | int | yes | access expiration time (expirationtime), unix time<br>when the et time in the access parameter is earlier than the current time, the platform considers the access parameter expired and rejects the access | 1537255523<br>indicates: 2018-09-18 15:25:23 Beijing time |
| method | string | yes | signature method (SignatureMethod)<br>supports md5, sha1, sha256 | sha256 |
| sign | string | yes | signature result string (Signature) | |

Notes on the token parameters:

res usage scenario

The usage scenarios are as follows:

| scenario | res parameter format | example | description |
|:-|:-|:-|:-|
| API access | products/$PROD_ID | products/123123 | currently only support product-level authentication |
| MQTTS connection authentication | products/$PROD_ID/devices/$DEV_ID | products/123123/devices/78329710 | |
| message queue MQ connection authentication | mqs/$MQ_ID | mqs/osndf09nand9f21390 | message queue MQ is accessed as individual resource |

sign-signature algorithm

The sign parameter is generated as follows:

sign = base64(hmac_<method>(accessKey, utf-8(StringForSignature)))

Where:

  • accessKey is the unique access secret key allocated by OneNET to an independent resource (e.g. a product). It takes part in the signature computation as one of the signature algorithm parameters. To ensure access security, keep it safe.

  • StringForSignature is the string used to calculate the signature. It is composed of the parameter values sorted by parameter name and separated by '\n'. In the current version the order is: et, method, res, version

StringForSignature is composed as follows:

StringForSignature = et + '\n' + method + '\n' + res+ '\n' + version

Note: each parameter is in key = value format, but only the value takes part in composing StringForSignature. For example, if the token parameters are as follows:

et = 1537255523
method = sha1
res = products/123123
version = 2018-10-31

then the string used to calculate the signature, StringForSignature, is (in the order et, method, res, version):

StringForSignature = "1537255523" + '\n' + "sha1"+ '\n' + "products/123123"+ '\n' + "2018-10-31"

Encoding and Examples

Each parameter is expressed in the form key = value, and '&' is used as the separator. For example:

version=2018-10-31&res=products/123123&et=1537255523&method=sha1&sign=ZjA1NzZlMmMxYzIOTg3MjBzNjYTI2MjA4Yw=

The value part must be URL-encoded. The special symbols that need to be encoded are as follows:

| number | symbol | encoding |
|:-|:-|:-|
| 1 | + | %2B |
| 2 | space | %20 |
| 3 | / | %2F |
| 4 | ? | %3F |
| 5 | % | %25 |
| 6 | # | %23 |
| 7 | & | %26 |
| 8 | = | %3D |

After encoding, the token actually transmitted in the example above is:

version=2018-10-31&res=products%2F123123&et=1537255523&method=sha1&sign=ZjA1NzZlMmMxYzIOTg3MjBzNjYTI2MjA4Yw%3D
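
The token construction described above, together with the checks a receiving side would apply, as an added Python example that is not OneNET's own code. Assumptions: the function names and `DEMO_KEY` are constructed for illustration, the HMAC hash is the one named by `method`, and the key is passed as raw bytes because this page does not say how accessKey is encoded.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

# Signature methods listed on the page.
METHODS = {"md5": hashlib.md5, "sha1": hashlib.sha1, "sha256": hashlib.sha256}
VERSION = "2018-10-31"
DEMO_KEY = b"constructed-demo-access-key"  # constructed sample, not a real accessKey


def string_for_signature(et, method, res, version=VERSION):
    # Values only (no "key="), in the fixed order et, method, res, version.
    return "\n".join([str(et), method, res, version])


def sign(access_key, et, method, res, version=VERSION):
    msg = string_for_signature(et, method, res, version).encode("utf-8")
    digest = hmac.new(access_key, msg, METHODS[method]).digest()
    return base64.b64encode(digest).decode("ascii")


def make_token(access_key, res, et, method="sha256"):
    fields = [("version", VERSION), ("res", res), ("et", str(et)),
              ("method", method), ("sign", sign(access_key, et, method, res))]
    # safe="" so that '/', '+' and '=' in values become %2F, %2B and %3D.
    return "&".join(f"{k}={quote(v, safe='')}" for k, v in fields)


def verify_token(token, access_key, now):
    """Hypothetical receiving-side check: structure, expiry, then signature."""
    parts = token.split("&")
    p = {k: unquote(v) for k, _, v in (f.partition("=") for f in parts)}
    if len(parts) != 5 or set(p) != {"version", "res", "et", "method", "sign"}:
        return False
    if p["version"] != VERSION or p["method"] not in METHODS:
        return False
    if not (p["et"].isascii() and p["et"].isdigit()) or int(p["et"]) < now:
        return False  # malformed et, or et earlier than the current time
    expected = sign(access_key, p["et"], p["method"], p["res"], p["version"])
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), p["sign"].encode())


if __name__ == "__main__":
    tok = make_token(DEMO_KEY, "products/123123", 1537255523, method="sha1")
    print(tok)
    print(verify_token(tok, DEMO_KEY, now=1537255000))
```

Because res and et are covered by the signature, changing either one in a captured token invalidates it; a short et limits how long a captured token stays usable.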
