Access Keys
To connect your devices to the WEGnology MQTT Broker, you must use a set of security credentials called access keys. Access keys consist of a generated key and secret pair. An access key can be used to authenticate multiple devices in an application, or multiple access keys can be created to scope your devices into virtual security groups.
You can view the access keys for an application by choosing “Access Keys” in the Application menu bar.
Generating an Access Key
Access keys can be added to your application by using the “Add Access Key” button on the Access Keys page.
Access Key Device Restrictions
Access keys can be valid for any device within an application or restricted to only a subset of devices.
NOTE: For production, it’s best practice to not make a key for all devices.
A restricted key will only be usable for authentication of the devices you define, and any device authenticated using a restricted key will be able to see state and command MQTT topics of only other devices that are in that same restricted scope. Restrictions can be specified with a Device Query and/or Device Tag Query.
Additional MQTT Topics Access
By default, access keys only allow access to the device-specific topics (e.g. state and commands) for every device you have allowed. Optionally, you can specify multiple non-device MQTT topics.
Additional MQTT Topics:
- All topics: Allow access to device-specific topics and all custom topics
- No additional topics: (default) Allow access to only device-specific topics
- Only the following topics…: Allow access to device-specific topics and only the listed custom topics.
- All except the following topics…: Allow access to device-specific topics and none of the listed custom topics.
If you choose “Only the following topics…” or “All except the following topics…,” you will also need to provide a list of allowed/disallowed publish topics and a list of allowed/disallowed subscribe topics. Topics must be valid MQTT topics, and furthermore, they cannot be MQTT system topics, or WEGnology-specific topics (ex. /wnology/DEVICE_ID/state).
Note: Device restrictions cannot be edited after the key is created, while MQTT Topic can be edited after key creation.
Access Secret
After creating, the newly generated key and secret will be displayed. You will either need to copy your key and secret to a secure location or download them to a file on your computer.
IMPORTANT: WEGnology does not store key secrets, and they cannot be recovered or regenerated if lost. If you fail to save your key secret before closing the window, you will have to generate a new access key / secret pair.
After you’ve saved your access key and secret, check the “I have copied my access key and secret to a safe place” box and click “Close Window”.
Deleting / Deactivating an Access Key
To temporarily deactivate an access key:
- Click the switch alongside the access key in the list view, OR
- From the access key’s detail page, toggle the switch from “active” to “inactive”.
If an access key is no longer needed, or you believe it has been compromised, you may permanently delete it by:
- Clicking on the
Delete
icon in the access key list, OR - Clicking the
Delete Access Key
button on the access key’s detail page
Using Access Keys
To find out more about using access keys with our MQTT clients, check out the various WEGnology MQTT client libraries. To learn more about using access keys with our REST API, check out the various WEGnology REST client libraries.
Was this page helpful?
Still looking for help? You can also search the WEGnology Forums or submit your question there.