Technical Documentation: Device authentication

The MQTT-Endpoint of Proficloud.io is TLS secured and requires client certificate based authentication. In addition to that every device has a specific token which is used to authenticate data packages inside the platform.

Certificate- and token- enrolment and renew

Every device requests the state of his certificate before connect over HTTPS. There are 3 cases for the response:

  1. Device was not claimed/registered in a Proficloud.io account → Device retries this request in a cyclic order.
  2. Device was claimed/registered and not connected before: Device requests its certificate, private key and token for the first time. After the successful transfer it confirms the transaction by calling the Proficloud.io. This information can only be gotten once, till the new certificate is again shortly before expiration.
  3. Device was already connected, but the certificate will expire in at least 2 weeks or is already expired: Device requests new certificate and private key. After the successful transfer it confirms the transaction by calling Proficloud.io. The initial provisioning process can only be done once.
Every device requests the state of his certificate before connect over HTTP.