The ClearBlade Platform allows for custom User and Device registries.
A User is an account for a person, requiring and using an e-mail account as the primary method of identification.
A Device is an account for a machine, enabling M2M (machine-to-machine) communication. In place of an e-mail account, a device has a device name that is unique within a given System.
Authentication is built upon an OAuth 2 model. Upon providing user or device credentials, a token is generated for use with subsequent requests.
Authentication is available via
System Key and Secret
ClearBlade Platform is multi-tenanted, meaning there is more than one IoT System running in a given platform. As a result, all authentication requires:
|System Key||Unique autogenerated key for your system||bd97e7a40bdcc597baf6adfc867e|
|System Secret||Secret value for your IoT System||BD97E7A40BC0B587BCAFFFA9A005|
The following are required for a User to authenticate:
|Username||E-mail of email@example.com|
The following are required for a Device to authenticate:
|Device Name||E-mail of firstname.lastname@example.org|
|Device Key||Single Key, Rotating Key, or Certificate||k9IOtxWPEWVOyJ+rt1jvNYDg|
Role-based authorization is available for all user and device accounts. Permissions are applied to roles, rather than directly to a user or device. Each user and device can have multiple roles.
A developer assigns permissions to a role for each of the following assets:
Each role has CRUD permissions for these assets.
For example, an Administrator role may have CRUD access to a code service called ‘EnablePremiumFeatures’ that is not accessible by an Authenticated user.
A developer can create any number of custom roles.
There are three default roles that have special permissions:
|Administrator||No one is auto-assigned. Empty role ready to customize|
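The role model described above, as an added Python sketch (not ClearBlade code and not its API): permissions attach to roles, and an account's effective rights are assumed here to be the union of its roles' grants, with deny by default. The `TelemetryWriter` role, the `sensor_readings` asset, the account names and the helper names are all constructed for illustration.

```python
from dataclasses import dataclass, field

CRUD = frozenset({"create", "read", "update", "delete"})

@dataclass
class Role:
    name: str
    # asset name -> set of CRUD verbs this role grants on that asset
    grants: dict = field(default_factory=dict)

@dataclass
class Account:
    name: str   # e-mail for a user, device name for a device
    kind: str   # "user" or "device"
    roles: list = field(default_factory=list)

def effective(account, asset):
    """Union of the CRUD verbs that the account's roles grant on asset."""
    verbs = set()
    for role in account.roles:
        verbs |= set(role.grants.get(asset, ())) & CRUD
    return verbs

def is_allowed(account, asset, verb):
    # Deny by default (assumption): no role granting the verb means no access.
    return verb in effective(account, asset)

def who_can(accounts, asset, verb):
    """Audit helper: which accounts hold verb on asset, and through which roles."""
    report = {}
    for acct in accounts:
        via = sorted(r.name for r in acct.roles
                     if verb in CRUD and verb in r.grants.get(asset, ()))
        if via:
            report[acct.name] = via
    return report

# Constructed sample registry: two users and one device.
administrator = Role("Administrator", {"EnablePremiumFeatures": set(CRUD)})
authenticated = Role("Authenticated", {})  # no grant on the premium service
telemetry = Role("TelemetryWriter", {"sensor_readings": {"create"}})

ACCOUNTS = [
    Account("admin@example.com", "user", [authenticated, administrator]),
    Account("viewer@example.com", "user", [authenticated]),
    Account("pump-07", "device", [authenticated, telemetry]),
]
```

Running `who_can` over every sensitive asset gives a quick least-privilege review: any account that appears only because of a broad shared role is a candidate for a narrower custom role.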
User and Device tables both have customizable schemas. This allows a developer to configure additional attributes for each.
For example, a User may need an
For example, a Device may have a
long column for storing its location.
To support integration with a pre-existing identity management system, Authentication Override allows custom logic to define whether or not a user should be granted an OAuth token.