Connect devices

Bring hardware online without copying certificates or writing integration code. A device registers, provisions its own identity, and starts reporting on its own.

How a device comes online

You register a device by name, which mints a one-time registration token and creates the device in a PENDING state. The device is flashed with that token; on first boot it generates its own private key, sends a certificate signing request, and receives a signed X.509 identity back. From then on it talks to the broker over mutual TLS — its private key never leaves the device.

Once it checks in, the device moves to ACTIVE and appears online. Its status can be PENDING, ACTIVE, INACTIVE, MAINTENANCE, or OFFLINE (set automatically when the broker sees it disconnect, and cleared on reconnect).

What a device is made of

New to the model? Core concepts explains how devices, components, sensors, and readings nest together. In short:

  • A Device is the physical or virtual unit. It can carry location, tags, and metadata, and be grouped into Sites and tag-based DeviceGroups.
  • A Component is an addressable sub-unit of a device, bound to a SensorProfile that says what it measures.
  • A Sensor is a typed data channel — every reading belongs to one.
  • DeviceHealth captures uptime, free heap, signal strength, connection type, and how many readings were sent versus dropped.

A device's type can be described by a DeviceProfile, which declares the components it carries and the fields that are writable.

In the app

Register and manage devices under Devices (/{slug}/devices). Each device's detail page has tabs for Health, Commands, Info, Components, and Annotations. Registration happens on the device register screen, which shows the one-time token and polls until the device connects.

In the API

All paths are under the API base /api/v1.

  • POST /api/v1/devices/registration/tokens — generate a one-time token for a named device
  • GET /api/v1/devices/registration/tokens — list pending tokens; DELETE …/{tokenId} revokes one
  • POST /api/v1/devices/provision — device-facing: token + CSR in, signed certificate + CA chain out
  • GET|POST|PUT|DELETE /api/v1/devices — manage devices; GET /api/v1/devices/summary for counts
  • GET|POST|PUT|DELETE /api/v1/components — manage components
  • GET /api/v1/sensors — discover sensors across the org (filter by device, group, value type, tags)
  • GET /api/v1/devices/{deviceId}/health — health history, plus /latest, /window, and /summary
  • GET|POST|PUT|DELETE /api/v1/device-groups — tag-based grouping

The certificate identity is issued by an internal certificate authority and is one-time per token — a token can't be reused once a device has provisioned with it. Components are also created automatically when a device announces them.

Was this page helpful?