Each device must be flashed with identity credentials issued by the IoT Platform to connect to the cloud.
Prerequisites
- You have developed and published the product. For more information, see Product Publishing.
- You have purchased or requested a specific number of activation codes. For more information, see Activation Code Billing.
Background information
An activation code is the unique credential that a device uses to connect to the IoT Platform. The platform provides two methods to flash activation codes.
- Per-device secret (Recommended): The platform issues a unique secret (DeviceSecret) for each device. During mass production, each device must be flashed with its unique secret. This method is highly secure and recommended.
- Per-product secret: The platform issues one secret (ProductSecret) for each product model. During mass production, all devices of the same model are flashed with the same secret.
To protect your devices from cyberattacks and forgery, the platform requires you to pre-register the DeviceName, such as the MAC address, serial number (SN), or International Mobile Equipment Identity (IMEI), for each device that uses a per-product secret. When a device connects to the cloud for the first time, the platform uses the DeviceName to verify its identity.
| Item | Per-device secret | Per-product secret |
| Information to flash to the device | ProductKey (product model), DeviceSecret (device password), and DeviceName (device name, such as the device's MAC address or SN) | ProductKey (product model), ProductSecret (product password), and DeviceName (device name, such as the device's MAC address or SN) |
| Security | High | General |
| Is there a quota limit? | Yes, there is. The limit is 500,000 per product. | Yes, a limit of 500,000 devices per product. |
| How to enable in the console | Enabled by default. | |
| How to disable in the console | This is the default method and cannot be disabled. |
Warning This is a high-risk operation. Proceed with caution. For more information, see the description below.
|
| DeviceName generation method | Automatic generation or batch upload | Batch upload |
- During mass production, ensure that the information to be flashed is correct. If incorrect information is flashed, it cannot be changed on the device, and you must reflash the device.
- To prevent device forgery and attacks caused by leaked ProductKey and ProductSecret values, the cloud does not allow activated devices to obtain device certificates again. You must persistently store and protect the device certificates on your devices. Do not purge the device certificate information when you restore a device to its factory settings.
- If you disable the per-product secret method, devices that were flashed using this method can no longer be activated. This does not affect devices that are already connected. Disabling the per-product secret method after mass production may lead to customer complaints and financial losses. Proceed with caution.
Mass-produce devices
- On the project homepage, click Mass Production, or click Mass Production in the navigation pane on the left to go to the mass production center.
- Choose . Select a product with a status of Published. In the Flashing Method column, select a method for mass production.
You can select Per-device secret or Per-product secret. The differences are as follows:
- If you select the Per-device secret method:
The default flashing method is Per-device secret. No changes are required.
- If you select the Per-product secret method:
In the Flashing Method column, click Per-device secret, select Per-product secret, and then click OK in the dialog box.
Note Per-product secretTo disable the per-product secret method, clear the check box.Disabling Per-product secret prevents devices that were previously flashed using this method from connecting to the network. If you have already used the per-product secret method to flash devices, do not disable it.
- If you select the Per-device secret method:
- Select the product for batch production. In the Actions column, click Batch Production to configure the activation code generation method. Then, perform the operations based on the selected flashing method.
You can select Automatic generation or Batch upload as the generation method. The maximum number of devices that can be added for a single product is 500,000.
- Automatic generation: The platform automatically generates a DeviceName and a DeviceSecret. You can flash them to each device. For this method, you only need to specify the required quantity.
Note For Bluetooth devices, the MAC address must be used as the DeviceName. The platform automatically obtains the product's MAC address from the official MAC address pool provided by the platform to generate the DeviceName.
Both Tmall Genie eco-projects and self-branded projects support automatic generation of activation codes.
- Batch upload: Enter the device IDs to be activated, such as MAC addresses, SNs, or IMEIs, as DeviceNames in an Excel file. Upload the Excel file to the platform. The platform automatically generates a DeviceSecret for each DeviceName.
Note Per-product secret flashing method supports only the Batch upload generation method for activation codes.
Click OK.
- Automatic generation: The platform automatically generates a DeviceName and a DeviceSecret. You can flash them to each device. For this method, you only need to specify the required quantity.
- Under Production Records, select the successfully mass-produced product and click View.
- In the dialog box that appears, verify the information and quantity of the mass-produced devices. Click Download Activation Code to save the activation codes locally.
What to do next
Use the batch flashing tool in the chip/module SDK provided by the platform to flash the activation codes onto the devices. For more information, see Firmware Flashing and Running.