Infuse-IoT Cloud

Provisioning

Register devices, derive provisioning keys, and issue connectivity credentials.

Provisioning connects a physical or logical device to Infuse-IoT Cloud so it can authenticate and communicate with the platform.

Production provisioning is still usually API-led. Your backend, manufacturing system, gateway, or commissioning tool should own device creation, key derivation, credential handling, and persistence of returned identifiers.

The console helps with adjacent setup and operations: create boards, create networks, inspect devices after they exist, generate MQTT tokens, dispatch test commands, and review state. Do not use the console as the primary system of record for high-volume provisioning.

Infuse-IoT Cloud currently uses the legacy organisation-level admin token flow described in API Tokens. Do not expose Infuse-IoT Cloud admin credentials in browsers, mobile apps, firmware repositories, or customer-visible examples.

Console-Assisted Setup

Before automating device registration, you can use the console to prepare or verify shared resources:

  1. Open Infuse IoT > API Access and confirm the linked Infuse IoT organisation ID.
  2. Open Boards and create the board profile if it does not already exist.
  3. Open Networks and create the network if your deployment model requires one.
  4. Use the API-led provisioning flow to create devices and derive key material.
  5. Return to Devices to confirm the device appears and starts reporting state.

Provisioning Flow

  1. Resolve or create the owning organisation with GET /organisation or POST /organisation.
  2. Resolve or create the board profile with GET /board or POST /board.
  3. Resolve or create a network with GET /network or POST /network if your deployment model uses networks.
  4. Create the device with POST /device, including mcuId, boardId, organisationId, and any metadata you need for reconciliation.
  5. Fetch the cloud public key with GET /key/publicKey.
  6. Generate shared or derived device key material with /key/sharedSecret and /key/derived/device.
  7. Generate an organisation-scoped MQTT token with POST /mqtt/token when your device or broker integration needs MQTT access.
  8. Confirm the device can communicate by reading state or last-route data.

Key Workflows

Infuse-IoT Cloud exposes key endpoints for secure provisioning and device communication:

TaskEndpoint
Fetch current cloud public keyGET /key/publicKey
Generate a shared secret from a device public keyPOST /key/sharedSecret
Derive a device encryption keyPOST /key/derived/device

Keep key derivation and secret handling inside trusted backend or manufacturing systems. Device-specific credentials should be rotated if a device is replaced, reassigned, or exposed.

Connectivity Credentials

Use POST /mqtt/token or Infuse IoT > API Access to issue a short-lived MQTT token scoped to the linked Infuse IoT organisation. The response includes the token, issue time, and expiry time.

MQTT tokens are not a replacement for long-term credential management. Issue them from a trusted backend for production integrations and respect the expiry time in device or gateway code.

GroupEndpoint
OrganisationsGET /organisation, POST /organisation, GET /organisation/id/{id}, GET /organisation/name/{name}
BoardsGET /board, POST /board, GET /board/id/{id}
NetworksGET /network, POST /network
DevicesPOST /device, GET /device/deviceId/{deviceId}, GET /device/id/{id}
KeysGET /key/publicKey, POST /key/sharedSecret, POST /key/derived/device
MQTTPOST /mqtt/token

For a full sequence, see Connect an IoT Device.