Device signature
This topic describes how to use device signatures.
Background information
Alibaba Cloud IoT Platform uses the Message Queuing Telemetry Transport (MQTT) protocol for communication between devices and the platform. When an MQTT client connects to IoT Platform, the username, password, and clientID must conform to the format required by IoT Platform. These credentials, known as device signature information, are used to authenticate the device. The dev_sign feature provides an encapsulation for calculating these signature fields. This process is called device signing.
- The input parameters are on the left. The device credentials (ProductKey, DeviceName, and DeviceSecret) identify the device. The region specifies the site where you want to connect.Note Examples of regions include China (Shanghai), Asia Pacific NE 1 (Tokyo), US West 1 (Silicon Valley), and Asia Pacific SE 1 (Singapore). For a complete list, see Regions and zones.
- The output parameters are on the right. The hostname and port are the domain name and port for the server connection. The username, password, and clientID constitute the device signature information.
- In the center of the diagram, IOT_Sign_MQTT is the only API operation that this module provides.
Scenarios
If your device has an existing MQTT client and you want to communicate directly with IoT Platform over MQTT without using other software development kit (SDK) features, you can call the device signature API operation. This retrieves the MQTT parameters required to connect to IoT Platform. You can then use these parameters with your MQTT client to establish a connection.
Example program walkthrough
This topic uses Link SDK 3.2.0 as an example. For more information about how to download other versions of the Link SDK, see Obtain the SDK.
For a device signing code example, see the src/dev_sign/examples/dev_sign_example.c file. The following steps walk you through the code:
- To use the
dev_signfeature, include its API header filedev_sign_api.h:#include "dev_sign_api.h" - Create a new device in the IoT Platform console and record its credentials:
#define EXAMPLE_PRODUCT_KEY "a1X2bEn****" #define EXAMPLE_PRODUCT_SECRET "7jluWm1zql7b****" #define EXAMPLE_DEVICE_NAME "example1" #define EXAMPLE_DEVICE_SECRET "ga7XA6KdlEeiPXQPpRbAjOZXwG******" - Declare the required underlying interface:Note The
dev_signfeature has no dependencies. You can use it without any Hardware Abstraction Layer (HAL) adaptation. HAL_Printf is declared here only because it is required for printing output in the example./* Implement this HAL or use the "printf" of your own system if you want to print something in the example */ void HAL_Printf(const char *fmt, ...); - Prepare the input and output parameter structs:
int main(int argc, char *argv[]) { iotx_mqtt_region_types_t region = IOTX_CLOUD_REGION_SHANGHAI; iotx_dev_meta_info_t meta; iotx_sign_mqtt_t sign_mqtt; memset(&meta,0,sizeof(iotx_dev_meta_info_t)); memcpy(meta.product_key,EXAMPLE_PRODUCT_KEY,strlen(EXAMPLE_PRODUCT_KEY)); memcpy(meta.product_secret,EXAMPLE_PRODUCT_SECRET,strlen(EXAMPLE_PRODUCT_SECRET)); memcpy(meta.device_name,EXAMPLE_DEVICE_NAME,strlen(EXAMPLE_DEVICE_NAME)); memcpy(meta.device_secret,EXAMPLE_DEVICE_SECRET,strlen(EXAMPLE_DEVICE_SECRET)); - Declare a struct variable of the
iotx_dev_meta_info_ttype. Populate it with the device credentials for which you want to calculate the signature.Then, call the API operation for thedev_signfeature,IOT_Sign_MQTT(), to calculate the signature:if (IOT_Sign_MQTT(region,&meta,&sign_mqtt) < 0) { return -1; } - The result is stored in the output parameter
sign_mqtt, which is a struct variable of theiotx_sign_mqtt_ttype.You can then print the signature result or use it to connect to the MQTT server:#if 0 /* Uncomment this if you want to show more information */ HAL_Printf("sign_mqtt.hostname: %s\n",sign_mqtt.hostname); HAL_Printf("sign_mqtt.port : %d\n",sign_mqtt.port); HAL_Printf("sign_mqtt.username: %s\n",sign_mqtt.username); HAL_Printf("sign_mqtt.password: %s\n",sign_mqtt.password); HAL_Printf("sign_mqtt.clientid: %s\n",sign_mqtt.clientid); #endif
HAL_Printf, IOT_Sign_MQTT() does not perform any print actions during execution. If you want to view the results, you must uncomment the relevant code.The members of the output parameter are described as follows:
| Member name | Description |
| sign_mqtt.hostname | The domain name of the MQTT server that you can connect to. It is automatically calculated based on the input parameter region. |
| sign_mqtt.port | The port number of the MQTT server that you can connect to. According to the standard MQTT protocol, this is typically 1883 or 443. |
| sign_mqtt.username | The username to use when connecting to the MQTT server. |
| sign_mqtt.password | The password to use when connecting to the MQTT server. It corresponds to the username. |
| sign_mqtt.clientid | A custom ID that identifies the device when connecting to the MQTT server. The server does not verify this ID. Authentication is performed using the username and password. |
Feature API operations
IOT_Sign_MQTT- Prototype:
int32_t IOT_Sign_MQTT(iotx_mqtt_region_types_t region, iotx_dev_meta_info_t *meta, iotx_sign_mqtt_t *signout); - Description: Call this operation to calculate the signature for the specified device credentials. The operation returns the result in the output parameter
signout. - Parameters:
Parameter Data type Direction Description region iotx_mqtt_region_types_t Input The region where the device will operate, such as China (Shanghai), Asia Pacific NE 1 (Tokyo), US West 1 (Silicon Valley), or Asia Pacific SE 1 (Singapore). For a complete list, see Regions and zones. meta iotx_dev_meta_info_t * Input Stores the device's ID strings, including ProductKey and DeviceName. signout iotx_sign_mqtt_t * Output Stores the calculated signature information, including the MQTT server address and port, and the username and password for the connection. - Return values:
Return Value Description =0 Success <0 Failure
Required HAL interfaces
The dev_sign feature has no dependencies. You do not need to implement any HAL interfaces.