Security

The ClearBlade Platform supports custom User and Device registries.

User

An account for a person, requiring and using an e-mail account as the primary method of identification.

Device

An account for a machine, enabling M2M (machine-to-machine) communication. In place of an e-mail account, a device has a device name that is unique within a given System.

Authentication

Authentication is built upon an OAuth 2 model. Upon providing user or device credentials, a token is generated for use with subsequent requests.

Protocols

Authentication is available via

System Key and Secret

ClearBlade Platform is multi-tenanted, meaning there is more than one IoT System running in a given platform. As a result, all authentication requires:

| Key | Value | Example |
| --- | --- | --- |
| System Key | Unique autogenerated key for your system | bd97e7a40bdcc597baf6adfc867e |
| System Secret | Secret value for your IoT System | BD97E7A40BC0B587BCAFFFA9A005 |

User

The following are required for a User to authenticate:

| Key | Value | Example |
| --- | --- | --- |
| Username | E-mail of user | abc@def.com |
| Password | Password | SX93f7f+ |

Device

The following are required for a Device to authenticate:

| Key | Value | Example |
| --- | --- | --- |
| Device Name | E-mail of user | abc@def.com |
| Device Key | Single Key, Rotating Key, or Certificate | k9IOtxWPEWVOyJ+rt1jvNYDg |

Authorization

Role-based authorization is available for all user and device accounts. Permissions are applied to roles, rather than directly to a user or device. Each user and device can have multiple roles.

A developer assigns permissions to a role for each of the following assets:

  • Code
  • Collections
  • Adapters
  • Portals
  • Roles
  • Users
  • Devices
  • Edges
  • Messages

Each role has CRUD permissions for these assets.

For example, an Administrator role may have CRUD access to a code service called ‘EnablePremiumFeatures’ that is not accessible by an Authenticated user.

A developer can create any number of custom roles.

Default Roles

There are three default roles that have special permissions:

| Role | Behavior |
| --- | --- |
| Authenticated | All new users and devices are auto-assigned this role |
| Anonymous | All anonymous users are auto-assigned this role |
| Administrator | No one is auto-assigned. Empty role ready to customize |
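
The role model from the Authorization and Default Roles sections, as an added Python sketch (not ClearBlade code or its API) that evaluates access and lists which roles can reach an asset. It assumes that permissions from multiple roles combine as a union and that anything not granted is denied; `Registry`, `Perm`, `FieldSensor`, `pump-01` and `telemetry` are hypothetical names.

```python
from enum import IntFlag

class Perm(IntFlag):
    NONE = 0
    CREATE = 1
    READ = 2
    UPDATE = 4
    DELETE = 8
    CRUD = 15

ASSET_TYPES = set("Code Collections Adapters Portals Roles Users Devices Edges Messages".split())

class Registry:
    def __init__(self):
        # The three default roles; Administrator starts empty until customized.
        self.roles = {"Authenticated": {}, "Anonymous": {}, "Administrator": {}}
        self.accounts = {}  # user e-mail or device name -> set of role names

    def grant(self, role, asset_type, asset, perm):
        if asset_type not in ASSET_TYPES:
            raise ValueError(f"unknown asset type: {asset_type}")
        grants = self.roles.setdefault(role, {})  # unknown role = new custom role
        grants[asset_type, asset] = grants.get((asset_type, asset), Perm.NONE) | perm

    def register(self, name, extra_roles=()):
        # Every new user or device is auto-assigned Authenticated.
        self.accounts[name] = {"Authenticated", *extra_roles}

    def allowed(self, name, asset_type, asset, perm):
        # Callers with no account are treated as Anonymous.
        held = Perm.NONE
        for role in self.accounts.get(name, {"Anonymous"}):
            held |= self.roles.get(role, {}).get((asset_type, asset), Perm.NONE)
        return (held & perm) == perm  # assumption: union of roles, deny by default

    def roles_reaching(self, asset_type, asset):
        # Review helper: every role holding any permission on this asset.
        return sorted(r for r, g in self.roles.items() if g.get((asset_type, asset)))

def demo():
    # Constructed sample data; FieldSensor, pump-01 and telemetry are hypothetical.
    reg = Registry()
    reg.grant("Administrator", "Code", "EnablePremiumFeatures", Perm.CRUD)
    reg.grant("Authenticated", "Messages", "telemetry", Perm.READ)
    reg.grant("FieldSensor", "Messages", "telemetry", Perm.CREATE)
    reg.register("abc@def.com")
    reg.register("admin@def.com", ["Administrator"])
    reg.register("pump-01", ["FieldSensor"])
    return reg
```

Because every registered account holds Authenticated, anything granted to that role reaches all users and devices, so `roles_reaching` is the check to run on a sensitive asset before widening a default role.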

Schemas

User and Device tables both have customizable schemas. This allows a developer to configure additional attributes for each.

For example, a User may need an Organization column.

For example, a Device may have a lat and long column for storing its location.

Authentication Override

To support integrations with a pre-existing identity management system, Authentication Override allows custom logic to define whether or not a user should be granted an OAuth token.