The chat responses are generated using Generative AI technology for intuitive search and may not be entirely accurate. They are not intended as professional advice. For full details, including our use rights, privacy practices and potential export control restrictions, please refer to our Generative AI Service Terms of Use and Generative AI Service Privacy Information. As this is a test version, please let us know if something irritating comes up. Like you get recommended a chocolate fudge ice cream instead of an energy managing application. If that occurs, please use the feedback button in our contact form!
Skip to content
Insights Hub and Industrial IoT

Insights Hub drives smart manufacturing through the industrial Internet of Things. Gain actionable insights with asset and operational data and improve your processes.

MindConnect MQTT API¶

Idea¶

The MindConnect MQTT API provides functionality for applications to manage the certificates for securely connecting the MQTT agents with Industrial IoT. With appropriate authentication, the API can be easily integrated into applications hosted in an enterprise system or likewise.

For further information about the MindConnect MQTT Sync API, refer to the MindConnect MQTT API specification.

Info

  • The MindConnect MQTT Service is currently available in region Europe 1.
  • MindConnect MQTT Service is not available for VPC.

Access¶

For accessing this service, your application or service needs to have the respective roles listed in MindConnect MQTT roles and scopes.

Basics¶

CA Certificate¶

All MQTT-based devices that wish to connect to Insights Hub must authenticate using a unique certificate identity.

Registration Code¶

The user needs to get the registration code to use it as the common name of the verification certificate.

Verification Certificate¶

For Insights Hub to make sure that the certificate uploader also possesses the corresponding private key, the user needs to prove the possession of the private key by issuing a verification certificate with the common name provided by Insights Hub using the private key.

Auto-Generated Agent Certificate¶

The MQTT agent needs to authenticate with an agent certificate. MindConnect MQTT agents can request auto-generated agent certificate using the "create auto-generated agent certificate" endpoint. It is available in the region Europe 1.

Agent Certificate¶

An agent can be onboarded using an agent certificate issued by the environment's CA certificate.

To successfully connect, onboard, and communicate with the MQTT broker, each client needs to use a clientId in the following format:

<clientId>=<tenant>_<AgentCertificate.Subject.CommonName>

Features¶

The MindConnect MQTT exposes its API for realizing the following:

  • Upload a new CA certificate
  • Get the uploaded CA certificates
  • Get the CA Certificate with id
  • Delete the CA certificate by id
  • Verify the existing CA certificate
  • Get a CA certificate's registration code

The following tasks are currently available in the region Europe 1:

  • Create auto-generated agent certificate
  • Get auto-generated agent certificates
  • Get auto-Generated Agent Certificate with id
  • Delete auto-Generated Agent Certificate by id

Limitations¶

In order to give optimal performance, MindConnect MQTT API provides technical limits on API usage and resources which needs to be incorporated while using it. API technical limits are documented here.

The following are the technical limits for resource usage:

ResourceTechnical Limit
Maximum CA certificates count per environment2

Note

These limits are enforced on Capability Package based environments only.

Example Scenario¶

The ACME company has an IT department regulating the security of the enterprise. The security system manages the issuing of the device certificates using an enterprise application. This system has authorized the administrators to upload the CA and verification certificates using these APIs. This application issues the device certificates to IT users when they want to connect the device.