To connect your devices to the Losant MQTT Broker, you must use a set of security credentials called access keys. Access keys consist of a generated key and secret pair. An access key can be used to authenticate multiple devices in an application, or multiple access keys can be created to scope your devices into virtual security groups.
You can view the access keys for an application by choosing “Access Keys” in the Application menu bar.
Access keys can be added to your application by using the “Add Access Key” button on the Access Keys page.
Access keys can be valid for any device within an application or restricted to only a subset of devices.
NOTE: For production, it’s best practice to not make a key for all devices.
A restricted key will only be usable for authentication of the devices you define, and any device authenticated using a restricted key will be able to see state and command MQTT topics of only other devices that are in that same restricted scope. Restrictions can be specified with a Device Query and/or Device Tag Query.
Additional MQTT Topics:
- All topics: Allow access to device-specific topics and all custom topics
- No additional topics: (default) Allow access to only device-specific topics
- Only the following additional topics… : Allow access to device-specific topics and specific custom topics.
Topics must be valid MQTT topics, and furthermore, they cannot be MQTT system topics, or Losant-specific topics (ex. /losant/DEVICE_ID/state). As well as specifying topics you can restrict access to subscribing and/or publishing of each particular topic.
Note: Device restrictions cannot be edited after the key is created, while MQTT Topic can be edited after key creation.
After creating, the newly generated key and secret will be displayed. You will either need to copy your key and secret to a secure location or download them to a file on your computer.
IMPORTANT: Losant does not store key secrets, and they cannot be recovered or regenerated if lost. If you fail to save your key secret before closing the window, you will have to generate a new access key / secret pair.
After you’ve saved your access key and secret, check the “I have copied my access key and secret to a safe place” box and click “Close Window”.
To temporarily deactivate an access key:
- Click the switch alongside the access key in the list view, OR
- From the access key’s detail page, toggle the switch from “active” to “inactive”.
If an access key is no longer needed, or you believe it has been compromised, you may permanently delete it by:
- Clicking on the
Deleteicon in the access key list, OR
- Clicking the
Delete Access Keybutton on the access key’s detail page
To find out more about using access keys with our MQTT clients, check out the various Losant MQTT client libraries. To learn more about using access keys with our REST API, check out the various Losant REST client libraries.