I have an Azure Iot Hub endpoint where I have to send some data (consider small strings). I want to set the speed of sending the data to that url and am using Trickle to achieve that.
I thought
trickle -d 30 -u 30 wget http://armtest1.azure-devices.net
will do the work, but it is showing
failed: Connection refused
Also tried like this:
trickle -d 30 -u 30 wget --user=[myusername] --password=[mypassword] --auth-no-challenge http://armtest1.azure-devices.net
But still getting the same error.
It will be very helpful if you guys kindly point out my mistake and give me a way to achieve this using trickle.
Azure IoT Hub grants access to endpoints by verifying a token against the shared access policies and identity registry security credentials. Azure IoT Hub supports MQTT, AMQP, and HTTPS, these supported protocols transports tokens in different ways.HTTPS implements authentication by including a valid token in the Authorization request header.
If you want to access(send data) to Azure IoT Hub using REST API, an existing device need to be specified.Please try to execute the following command:
trickle -s -d 30 -u 30 \
wget --header="Authorization:<generated SAS token for device>" \
--header="Content-Type:application/json" \
--post-data '<your data in json style>' \
"https://<your-iothub-host>.azure-devices.net/devices/<device id>/messages/events?api-version=2016-02-03"
In the command,something need to be clarified.
generated SAS token for device: you can use Device Explorer to generate the token.Please refer to the step 2 in this article(Sending events to IOT Hub over HTTP via REST).
your data in json style:the data you want to send to IoT Hub. It is in JSON format.
your-iothub-host:You can get the hostname of IoT Hub in Azure Portal.This is the name when you created the IoT Hub.
When you executed the command successfully,there will be a response like:
Connecting to <your-iothub-host>.azure-devices.net (<your-iothub-host>.azure-devices.net)|<ipaddress>|:443... connected.
HTTP request sent, awaiting response... 204 No Content
2018-01-03 22:33:53 (0.00 B/s) - ‘events?api-version=2016-02-03’ saved [0]
and, IoT Hub will receive the message, you can monitor the events through Device Explorer.
Related
I'm trying to call the inbuilt azure API by bearer token generation. The bearer token is generated using "https://login.microsoftonline.com/{tenantID}/oauth2/token,"; and using this token, I'm trying to access the get device API from IoT Hub. The headers i am providing for the REST API call are content-type and Authorization(with the bearer token). But it is returning an error message as below:
Message;:;ErrorCode:IotHubUnauthorized;3cc43d2f-def7-4a3e-a2ue-eb367467ab90 is not valid;
Can anyone please help me in solving this?
To connect to your IoT Hub's Service API, you need a shared access token, not an oauth2 token. You can generate the token you need to set in your header through the az cli
az iot hub generate-sas-token -n {iothub_name}
If you like a more visual approach, you can use the Device Explorer. You can simply enter your IoT Hub connection string with service connect or iothubowner right and generate the token.
You can then use the service endpoints of your IoT Hub, here's an example curl request:
curl --request GET \
https://<hub-name>.azure-devices.net/devices?api-version=2018-06-30 \
--header "Authorization: SharedAccessSignature sr=<hub-name>.azure-devices.net&sig=KSobATNRdkFtd999999990v7NYU4hitkTA3ts%3D&se=1626508840&skn=iothubowner"
Hello i am trying to fetch devices present/registered at IOTHUB via RESTAPI. But i am confused how to fetch all devices.
I have read the documentation here : IoT Hub Service - Get Devices
But When i send a request i am getting an error
"Message": "ErrorCode:IotHubUnauthorizedAccess;Unauthorized",
"ExceptionMessage": "Tracking ID:a795ee1f7ae04adfa600333e45e9aa09-G:5-TimeStamp:06/29/2020 14:32:56"
Is there any auth token to provide in order to get devices?
So for a quick start on this we can use Postman with Azure IoT Hub Query language..+ SAS token for authorization.
Step 1: Generate the SAS token as said by Matthijs, Also we can quickly make use of Device Explorer tool Or Use this link to find the SetupDeviceExplorer.msi. Copy the generated SAS token fully.
Step 2: Construct the Query body.
the POST query looks like this sample. See Registry Manager - Query Iot Hub
POST
https://IOTHUB.azure-devices.net/devices/query?api-version=2020-03-13
{
"query": "SELECT deviceId FROM devices"
}
Step 3: Authorization use SAS token, and send the request to test it out.
A similar thread answered by RomanKiss can be read from Get all devices from IoT Azure Hub.
Please let us know if you know further help!
You can call the rest API using the Shared Access Signature. To get a valid token, you can use the Azure CLI like so:
az iot hub generate-sas-token -n <IoT hub name> --policy registryRead
This will produce an output like:
{
"sas": "SharedAccessSignature sr=iothubname.azure-devices.net&sig=kPszxZZZZZZZZZZZZZZZZZAhLTILsVpT0tp5sRSWiDZ0%3D&se=1593446477&skn=registryRead"
}
Then you need to use the value of "sas" as your Authorization header when you do your GET request. Curl example:
curl --location --request GET 'https://iothubname.azure-devices.net/devices?api-version=2019-07-01-preview' \
--header 'Authorization: SharedAccessSignature sr=iothubname.azure-devices.net&sig=kPszxZZZZZZZZZZZZZZZZZAhLTILsVpT0tp5sRSWiDZ0%3D&se=1593446477&skn=registryRead'
I am trying to connect a Minew BLE Gateway Device (https://en.minewtech.com/gateway.html) to azure IOT Central. The device template has a prebuilt for this device named as FM 201 BLE and I just went along with it. The gateway requires you connect it thru the X509(ECC) certificates and so I created some selfsigned certificates and uploaded them to the gateway device and uploaded it from it's dashboard
I grabbed the URL from here
Is there anything I'm doing wrong? I'm expecting something in the analtyics of my iotcentral application or atleast a log file from BLE Gateway somewhere if the authentication with certificates failed. Any lead will be highly appreciated. Ive spent hours on the web trying to get this working
I do recommend the following steps before connecting the real device to the IoT Central:
Create 3 devices (e.g. device1, device2 and device3) each with the different authentication type such as sas, selfSigned and certificateAuthority on the IoT Hub (you can used also the Free tier)
Create the simulated device (console program) for each authentication type, connect them to the IoT Hub and send couple messages.
I believe that all devices will work properly (like in my test), so the authentication through a CA certificate (and the leaf certificate) and self signed certificate are OK.
Note, that the above steps passed in my test using a C# simulated devices (.Net SDK) and also with a MQTT direct protocol with my Azure IoT Hub Tester.
Once your simulated devices are working, this step is to replace them (except the sas device) with your real device. This is a critical step, which will prove it that your real device can be connected to the Azure IoT Hub.
In this step, we are going to replace the IoT Hub by IoT Central Application. You can create a free preview application. You can upload the device template such as FM-201 IoT Gateway and create the 3 devices like in the step1 from this template. Note, use the same device ids like in the step1, we can use the same device leaf certificate.
Using the tool dps_cstr we can get the device connection string for underlying IoT Hub of the IoTC App.
Replace the hostname in your simulated devices and also you need to create the sas token from this connection string for the device authenticate with the sas token.
Run the simulated devices connected to the IoTC App.
Based on my recently test, you will see, that only sas device is working, the others such as certificate devices are failed for authentication error.
This step is for troubleshooting why the X509 simulated devices switching to the IoTC App doesn't authenticate with the same certificates. There is no properly document for this case and I hope that some one from the IoT Central team will answer it if we can switch the X509 device between the IoT Hub and IoTC App like we can do it for sas device.
Update:
Based on the Provisioning Device Client Sample - Microsoft Azure IoT SDK for .NET the steps 6 and 7 are fine for sas device, where the utility dps_cstr will registered a device for a SecurityProviderSymmetricKey. Once the device has been registered and provisioned with this security provider, the real device(s) must be connected using this way, only. That's the reason why we getting an error for simulated x509 devices. So, the following step is an example of the provisioning a X509 device with a leaf certificate (device3.pfx). Note, that the CA certificate must be uploaded to the IoTC Application.
6a. Registering the device3 (from the step1) to the IoTC App
string GlobalDeviceEndpoint = "global.azure-devices-provisioning.net";
string idScope = "<idScope_IoTCapp>";
string certificateFileName = #"<your path>\device3.pfx";
//
var cert = new X509Certificate2(certificateFileName, "1234");
var securityProvider = new SecurityProviderX509Certificate(cert);
var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly);
var provClient = ProvisioningDeviceClient.Create(GlobalDeviceEndpoint, idScope, securityProvider, transport);
var result = provClient.RegisterAsync().Result;
string hostname = result.AssignedHub;
string deviceId = result.DeviceId;
In this point, the device status in the IoTC App is Provisioned and the simulated or real device can be connected.
6b. You can use for a device provisioning to the IoT Central App also the REST APIs. The following screen snippets show provisioning the X509 device3 authenticated by its leaf certificate using the Postman:
In prior of using the REST calls, we have to add the device3 leaf certificate to the Postman:
Now, we can call a provisioning service:
PUT https://global.azure-devices-provisioning.net/0ne000AA0F5/registrations/device3/register?api-version=2019-03-31
To get the registrationState object:
GET https://global.azure-devices-provisioning.net/0ne000AA0F5/registrations/device3/operations/{operationId}?api-version=2019-03-31
As you can see the above picture, the IoTC application is ready for connection with a real X509 device.
"registrationState": {
"x509": {
"enrollmentGroupId": "fa472b95-b5f6-47af-a4ef-9490f45c3961"
},
"registrationId": "device3",
"createdDateTimeUtc": "2020-01-04T17:09:15.5147034Z",
"assignedHub": "iotc-bceedf66-9792-4f32-b49f-7674a6aa09ff.azure-devices.net",
"deviceId": "device3",
"status": "assigned",
"substatus": "initialAssignment",
"lastUpdatedDateTimeUtc": "2020-01-04T17:09:15.6947214Z",
"etag": "IjBmMDA3YTgzLTAwMDAtMGMwMC0wMDAwLTVlMTBjNmJiMDAwMCI="
}
Note, that in the case of provisioning a sas device (such as a device1 in this test) using the REST calls, the Authorization header must be configured with a sas token:
string sas = generateSASToken($"{scopeId}/registrations/{deviceId}", deviceKey, "registration");
7a. The following code snippet is an example of the sending a telemetry data from the X509 device with its leaf certificate (device3.pfx):
using (var dc = DeviceClient.Create(hostname, new DeviceAuthenticationWithX509Certificate(deviceId, cert), Microsoft.Azure.Devices.Client.TransportType.Mqtt))
{
var telemetryDataPoint = new { bleCnt = 50, telemetryLocation = new { lat = 49.85, lon = 20.99, alt = 29.41 } };
dc.OpenAsync().ConfigureAwait(false);
dc.SendEventAsync(new Message(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(telemetryDataPoint)))).ConfigureAwait(false);
dc.CloseAsync().ConfigureAwait(false);
}
Also, using my Azure IoT Hub Tester which is based on the M2Mqtt library the device3 with a leaf certificate device3.pfx has been successful connected to the IoTC app.
Based on the above update, I would like to correct the step 10. It looks like, the devices (such as the sas and X509) can be switched between the Azure IoT Hub and IoT Central Application once the devices have been provisioned on the IoTC App. In other words, the hostname (e.g. from my test IoTC App preview iotc-bceedf66-9792-4f32-b49f-7674a6aa09ff.azure-devices.net) from the provisioning process is a valid device facing endpoint.
Also my test shown that the device with MQTT direct protocol using a leaf certificate (device3.pfx) for connection to the IoTC app is working very well both directions included a PnP model.
The following screen snippets show the device side and IoTC application:
publishing some telemetry data:
showing telemetry data on the dashboard:
and the root CA certificate on the IoTC app:
I am using Simcom SIM 808 to post data to Azure Iot Hub. My problem is that Azure Iot Hub requires a SAS string in the Authorization header, but I can not find a way to add this header. Anyone have experience with sim 808 and Azure iot? Is it possible to add the authorization string to the url?
I am using the SIM800 series AT command manual v 1.07.pdf for reference.
Header arguments that are supported is:
CONTENT, USERDATA and some more.
Here you can find a program I made to send data to my Azure IoT Hub via HTTPS using SIMCOM Modules (SIM800, SIM900...): https://developer.mbed.org/users/BorjaTarazona/code/Azure_SIM800_HelloWorld/
I had the same issue, my problem was that you need to write before your shared access signature "Authorization: ". You need to use the argument "USERDATA" and the command will look like this:
AT+HTTPPARA="USERDATA","Authorization: YourSharedAccessSignature"\r\n
The commands I use to send data to Azure via HTTPS with SIMCOM modules are:
Initialization
Set context type: AT+SAPBR=3,1,"CONTYPE","GPRS"\r\n
Set APN: AT+SAPBR=3,1,"APN","YourAPN"\r\n
Open bearer: AT+SAPBR=1,1\r\n
Query bearer: AT+SAPBR=2,1\r\n
Enable HTTP functions: AT+HTTPINIT\r\n
Enable SSL: AT+HTTPSSL=1\r\n
Data transmission
Set bearer profile identifier: AT+HTTPPARA="CID",1\r\n
Set the URL: AT+HTTPPARA="URL","YourURL"\r\n
Set the shared access signature: AT+HTTPPARA="USERDATA","Authorization: YourSharedAccessSignature"\r\n
Set Content-Type field in the HTTP header: AT+HTTPPARA="CONTENT","application/json"\r\n
Set the JSON string to be sent: AT+HTTPDATA=StringLength,20000\r\nYourJSONString
HTTP POST: AT+HTTPACTION=1\r\n
I have successfully registered the twitter connector with my app and created a user. I'm able to send tweets and the test and info apis both work. Only when I try to retrieve messages the connector returns the following result:
{"Status":{"twitter":{"status":417,"info":"417 Connector returned error: 403 Forbidden"}},"messages":{"twitter":null}}
I send the request to /v2/message/retrieve with the following json body:
{"uri": "unified://twitter"}
curl -XPOST https://apiv2.unificationengine.com/v2/message/retrieve -u USER_ACCESSKEY:USER_ACCESSSECRET --data "{\"uri\":\"unified://UNIQUE_CONNECTION_IDENTIFIER\"}" -k
Can you please check if the above command works for you? The 403 error is returned by twitter (https://dev.twitter.com/overview/api/response-codes).
The problem was that my twitter app didn't have DM permissions. I just saw Read & write and thought that would be enough.
If someone has the same problem, go to your app settings, change the permissions and regenerate your personal access token.