Access Keys

To connect your devices to the Losant MQTT Broker, you must use a set of security credentials called access keys. Access keys consist of a generated key and secret pair. An access key can be used to authenticate multiple devices in an application, or multiple access keys can be created to scope your devices into virtual security groups.

You can view the access keys for an application by choosing “Access Keys” in the Application menu bar.

Generating an Access Key

Access keys can be added to your application by using the “Add Access Key” button on the Access Keys page.

Access Key Device Restrictions

Access keys can be valid for any device within an application or restricted to only a subset of devices.

NOTE: For production, it’s best practice to not make a key for all devices.

A restricted key will only be usable for authentication of the devices you define, and any device authenticated using a restricted key will be able to see state and command MQTT topics of only other devices that are in that same restricted scope. Restrictions can be specified with a Device Query and/or Device Tag Query.

Additional MQTT Topics Access

By default, access keys only allow access to the device-specific topics (e.g. state and commands) for every device you have allowed. Optionally, you can specify multiple non-device MQTT topics.

Additional MQTT Topics:

• All topics: Allow access to device-specific topics and all custom topics
• No additional topics: (default) Allow access to only device-specific topics
• Only the following topics…: Allow access to device-specific topics and only the listed custom topics.
• All except the following topics…: Allow access to device-specific topics and none of the listed custom topics.

If you choose “Only the following topics…” or “All except the following topics…,” you will also need to provide a list of allowed/disallowed publish topics and a list of allowed/disallowed subscribe topics. Topics must be valid MQTT topics, and furthermore, they cannot be MQTT system topics, or Losant-specific topics (ex. /losant/DEVICE_ID/state).

Note: Device restrictions cannot be edited after the key is created, while MQTT Topic can be edited after key creation.

Access Secret

After creating, the newly generated key and secret will be displayed. You will either need to copy your key and secret to a secure location or download them to a file on your computer.

IMPORTANT: Losant does not store key secrets, and they cannot be recovered or regenerated if lost. If you fail to save your key secret before closing the window, you will have to generate a new access key / secret pair.

After you’ve saved your access key and secret, check the “I have copied my access key and secret to a safe place” box and click “Close Window”.

Deleting / Deactivating an Access Key

To temporarily deactivate an access key:

• Click the switch alongside the access key in the list view, OR
• From the access key’s detail page, toggle the switch from “active” to “inactive”.

If an access key is no longer needed, or you believe it has been compromised, you may permanently delete it by:

• Clicking on the Delete icon in the access key list, OR
• Clicking the Delete Access Key button on the access key’s detail page

Using Access Keys

To find out more about using access keys with our MQTT clients, check out the various Losant MQTT client libraries. To learn more about using access keys with our REST API, check out the various Losant REST client libraries.