Device provisioning MQTT API
The Fleet Provisioning service supports the following MQTT API operations: CreateCertificateFromCsr, CreateKeysAndCertificate, and RegisterThing.
This API supports response buffers in Concise Binary Object Representation (CBOR) format and JavaScript Object Notation (JSON), depending on the payload-format of the topic. For clarity, the response and request examples in this section are shown in JSON format.
payload-format | Response format data type |
---|---|
cbor | Concise Binary Object Representation (CBOR) |
json | JavaScript Object Notation (JSON) |
Important
Before publishing a request message topic, subscribe to the response topics to receive the response. The messages used by this API use MQTT's publish/subscribe protocol to provide a request and response interaction.
If you don't subscribe to the response topics before you publish a request, you might not receive the results of that request.
CreateCertificateFromCsr
Creates a certificate from a certificate signing request (CSR). AWS IoT provides client certificates that are signed by the Amazon Root certificate authority (CA). The new certificate has a PENDING_ACTIVATION status. When you call RegisterThing to provision a thing with this certificate, the certificate status changes to ACTIVE or INACTIVE as described in the template.
For more information on creating a client certificate using your Certificate Authority certificate and a certificate signing request, refer to Create a client certificate using your CA certificate.
Note
For security, the certificateOwnershipToken returned by CreateCertificateFromCsr expires after one hour. RegisterThing must be called before the certificateOwnershipToken expires. If the certificate created by CreateCertificateFromCsr hasn't been activated and attached to a policy or a thing by the time the token expires, the certificate is deleted. If the token expires, the device can call CreateCertificateFromCsr to generate a new certificate.
CreateCertificateFromCsr request
Publish a message with the $aws/certificates/create-from-csr/payload-format topic.
payload-format
-
The message payload format as cbor or json.
CreateCertificateFromCsr request payload
{ "certificateSigningRequest": "string" }
certificateSigningRequest
-
The CSR, in PEM format.
CreateCertificateFromCsr response
Subscribe to $aws/certificates/create-from-csr/payload-format/accepted.
payload-format
-
The message payload format as cbor or json.
CreateCertificateFromCsr response payload
{ "certificateOwnershipToken": "string", "certificateId": "string", "certificatePem": "string" }
certificateOwnershipToken
-
The token to prove ownership of the certificate during provisioning.
certificateId
-
The ID of the certificate. Certificate management operations only take a certificateId.
certificatePem
-
The certificate data, in PEM format.
CreateCertificateFromCsr error
To receive error responses, subscribe to $aws/certificates/create-from-csr/payload-format/rejected.
payload-format
-
The message payload format as cbor or json.
CreateCertificateFromCsr error payload
{ "statusCode": int, "errorCode": "string", "errorMessage": "string" }
statusCode
-
The status code.
errorCode
-
The error code.
errorMessage
-
The error message.
CreateKeysAndCertificate
Creates new keys and a certificate. AWS IoT provides client certificates that are signed by the Amazon Root certificate authority (CA). The new certificate has a PENDING_ACTIVATION status. When you call RegisterThing to provision a thing with this certificate, the certificate status changes to ACTIVE or INACTIVE as described in the template.
Note
For security, the certificateOwnershipToken returned by CreateKeysAndCertificate expires after one hour. RegisterThing must be called before the certificateOwnershipToken expires. If the certificate created by CreateKeysAndCertificate hasn't been activated and attached to a policy or a thing by the time the token expires, the certificate is deleted. If the token expires, the device can call CreateKeysAndCertificate to generate a new certificate.
CreateKeysAndCertificate request
Publish a message on $aws/certificates/create/payload-format with an empty message payload.
payload-format
-
The message payload format as cbor or json.
CreateKeysAndCertificate response
Subscribe to $aws/certificates/create/payload-format/accepted.
payload-format
-
The message payload format as cbor or json.
CreateKeysAndCertificate response
{ "certificateId": "string", "certificatePem": "string", "privateKey": "string", "certificateOwnershipToken": "string" }
certificateId
-
The certificate ID.
certificatePem
-
The certificate data, in PEM format.
privateKey
-
The private key.
certificateOwnershipToken
-
The token to prove ownership of the certificate during provisioning.
CreateKeysAndCertificate error
To receive error responses, subscribe to $aws/certificates/create/payload-format/rejected.
payload-format
-
The message payload format as cbor or json.
CreateKeysAndCertificate error payload
{ "statusCode": int, "errorCode": "string", "errorMessage": "string" }
statusCode
-
The status code.
errorCode
-
The error code.
errorMessage
-
The error message.
RegisterThing
Provisions a thing using a pre-defined template.
RegisterThing request
Publish a message on $aws/provisioning-templates/templateName/provision/payload-format.
payload-format
-
The message payload format as cbor or json.
templateName
-
The provisioning template name.
RegisterThing request payload
{ "certificateOwnershipToken": "string", "parameters": { "string": "string", ... } }
certificateOwnershipToken
-
The token to prove ownership of the certificate. AWS IoT generates the token when you create a certificate over MQTT.
parameters
-
Optional. Key-value pairs from the device that are used by the pre-provisioning hooks to evaluate the registration request.
RegisterThing response
Subscribe to $aws/provisioning-templates/templateName/provision/payload-format/accepted.
payload-format
-
The message payload format as cbor or json.
templateName
-
The provisioning template name.
RegisterThing response payload
{ "deviceConfiguration": { "string": "string", ... }, "thingName": "string" }
deviceConfiguration
-
The device configuration defined in the template.
thingName
-
The name of the IoT thing created during provisioning.
RegisterThing error response
To receive error responses, subscribe to $aws/provisioning-templates/templateName/provision/payload-format/rejected.
payload-format
-
The message payload format as cbor or json.
templateName
-
The provisioning template name.
RegisterThing error response payload
{ "statusCode": int, "errorCode": "string", "errorMessage": "string" }
statusCode
-
The status code.
errorCode
-
The error code.
errorMessage
-
The error message.
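The CreateKeysAndCertificate and RegisterThing exchange described above, sketched end to end with the json payload format. This is an added example, not AWS code: it subscribes to the /accepted and /rejected topics before each publish and refuses to reuse a certificateOwnershipToken older than one hour. The client interface (subscribe, publish, wait_for), the FakeBroker class, the template name "demo" and the sample replies are assumptions constructed for illustration.

```python
import json

TOKEN_TTL_SECONDS = 3600  # page: certificateOwnershipToken expires after one hour

def request(client, request_topic, payload):
    """Subscribe to /accepted and /rejected first, then publish and read the reply."""
    accepted, rejected = request_topic + "/accepted", request_topic + "/rejected"
    client.subscribe(accepted)
    client.subscribe(rejected)
    client.publish(request_topic, "" if payload is None else json.dumps(payload))
    topic, body = client.wait_for({accepted, rejected})
    reply = json.loads(body)
    if topic == rejected:
        raise RuntimeError(f"{reply['statusCode']} {reply['errorCode']}: {reply['errorMessage']}")
    return reply

def provision(client, template_name, parameters, clock):
    """CreateKeysAndCertificate, then RegisterThing, using the json payload format."""
    cert = request(client, "$aws/certificates/create/json", None)  # empty request payload
    issued_at = clock()
    # A real device stores cert["certificatePem"] and cert["privateKey"] here; never log them.
    if clock() - issued_at >= TOKEN_TTL_SECONDS:
        raise TimeoutError("certificateOwnershipToken expired; create a new certificate")
    thing = request(client, f"$aws/provisioning-templates/{template_name}/provision/json",
                    {"certificateOwnershipToken": cert["certificateOwnershipToken"],
                     "parameters": parameters})
    return cert["certificateId"], thing["thingName"]

class FakeBroker:
    """Constructed in-memory stand-in for an MQTT client; drops replies nobody subscribed to."""
    def __init__(self, replies):
        self.replies, self.subs, self.inbox = replies, set(), []
    def subscribe(self, topic):
        self.subs.add(topic)
    def publish(self, topic, body):
        reply_topic, reply = self.replies[topic]
        if reply_topic in self.subs:  # a reply on an unsubscribed topic is lost
            self.inbox.append((reply_topic, json.dumps(reply)))
    def wait_for(self, topics):
        if not self.inbox or self.inbox[0][0] not in topics:
            raise TimeoutError("no response on subscribed topics")
        return self.inbox.pop(0)

CREATE, REGISTER = "$aws/certificates/create/json", "$aws/provisioning-templates/demo/provision/json"
SAMPLE_REPLIES = {  # constructed replies shaped like the payloads documented above
    CREATE: (CREATE + "/accepted", {"certificateId": "example-id", "certificatePem": "PEM",
                                    "privateKey": "KEY", "certificateOwnershipToken": "example-token"}),
    REGISTER: (REGISTER + "/accepted", {"deviceConfiguration": {}, "thingName": "demo-thing"}),
}
```

Calling `provision(FakeBroker(SAMPLE_REPLIES), "demo", {}, clock=time.monotonic)` (after `import time`) returns the certificate ID and thing name; publishing on the fake broker without subscribing first makes `wait_for` time out, which is the failure the Important note warns about.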