Skip to content

Native MQTT API (Deprecated)

Caution

Native MQTT API is deprecated. It is recommended to use MindConnect MQTT API instead.

Idea

The Native MQTT API provides functionality for applications to manage the certificates for securely connecting the MQTT agents with MindSphere. With appropriate authentication, the API can be easily integrated into applications hosted in an enterprise system or likewise.

For further information about the Native MQTT Sync API, refer to the Native MQTT API specification.

Info

The MindConnect MQTT Service is currently available in regions Europe 1 and Europe 2.

Access

For accessing this service, your application or service needs to have the respective roles listed in Native MQTT roles and scopes.

Basics

CA Certificate

All MQTT-based devices which want to connect with MindSphere need to authenticate themselves by a unique certificate identity.

Registration Code

The user needs to get the registration code to use it as the common name of the verification certificate.

Verification Certificate

For MindSphere to make sure that the certificate uploader also possesses the corresponding private key, the user needs to prove the possession of the private key by issuing a verification certificate with the common name provided by MindSphere using the private key.

Auto-Generated Agent Certificate

The MQTT agent needs to authenticate with an agent certificate. MindConnect MQTT agents can request auto-generated agent certificate using the 'create auto-generated agent certificate' endpoint. It is available in the region Europe 1.

Features

The MindConnect MQTT exposes its API for realizing the following:

  • Upload a new CA certificate
  • Get the uploaded CA certificates
  • Get the CA Certificate with id
  • Delete the CA certificate by id
  • Verify existing CA certificate
  • Get a CA certificate's registration code

Following tasks are currently available in the region Europe 1:

  • Create auto-generated agent certificate
  • Get auto-generated agent certificates
  • Get auto-Generated Agent Certificate with id
  • Delete auto-Generated Agent Certificate by id

Limitations

  • Maximum 2 CA certificates per tenant can be uploaded.

Example Scenario

The ACME company has an IT department regulating the security of the enterprise. The security system manages the issuing of the device certificates using an enterprise application. This system has authorized the administrators to upload the CA and verification certificates to MindSphere using these APIs. This application issues the device certificates to OT users when they want to connect the device to MindSphere.

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.


Last update: August 30, 2022