Search

Login

Become a leader in the IoT community!

New DevHeads get a 320-point leaderboard boost when joining the DevHeads IoT Integration Community. In addition to learning and advising, active community leaders are rewarded with community recognition and free tech stuff. Start your Legendary Collaboration now!

Step 1 of 5

CREATE YOUR PROFILE *Required

OR
Step 2 of 5

WHAT BRINGS YOU TO DEVHEADS? *Choose 1 or more

Collaboration & Work 🤝
Learn & Grow 📚
Contribute Experience & Expertise 🔧
Step 3 of 5

WHAT'S YOUR INTEREST OR EXPERTISE? *Choose 1 or more

Hardware & Design 💡
Embedded Software 💻
Edge Networking
Step 4 of 5

Personalize your profile

Step 5 of 5

Read & agree to our COMMUNITY RULES

  1. We want this server to be a welcoming space! Treat everyone with respect. Absolutely no harassment, witch hunting, sexism, racism, or hate speech will be tolerated.
  2. If you see something against the rules or something that makes you feel unsafe, let staff know by messaging @admin in the "support-tickets" tab in the Live DevChat menu.
  3. No age-restricted, obscene or NSFW content. This includes text, images, or links featuring nudity, sex, hard violence, or other graphically disturbing content.
  4. No spam. This includes DMing fellow members.
  5. You must be over the age of 18 years old to participate in our community.
  6. Our community uses Answer Overflow to index content on the web. By posting in this channel your messages will be indexed on the worldwide web to help others find answers.
  7. You agree to our Terms of Service (https://www.devheads.io/terms-of-service/) and Privacy Policy (https://www.devheads.io/privacy-policy)
By clicking "Finish", you have read and agreed to the our Terms of Service and Privacy Policy.

Best Practices for Storing Device-Specific SAS Tokens for Multi-Endpoint Communication

Or Ask a Question?

Hi guys @IoT Cloud I plan on making a solution where devices need to communicate with multiple endpoints, including an API for non-telemetry data. To avoid additional authentication methods, I’m considering using device-specific SAS tokens generated by a back-end service. Would it be safe to store these tokens in desired properties, or is it better to use the payload of a cloud-to-device message? Are there other recommended approaches for this?

  1. Joseph Ogbonna#0000
    11/21/2024 at 10:26 pm

    Storing SAS tokens in desired properties or cloud-to-device message payload has security risks. Consider alternative approaches like device-specific certificates or OAuth for secure authentication and authorization. Consult security experts for the best solution.

    I think @lmtx can help out here

  2. Daniel kalu#0000
    11/21/2024 at 10:26 pm

    Thanks for the warning. Can you please provide more info on using device-specific certificates or OAuth for secure authentication and authorization, Any resources or guidance would be helpful too

  3. Joseph Ogbonna#0000
    11/21/2024 at 10:26 pm

    This will be of help

    https://my.avnet.com/silica/solutions/iot/secure-device-management-provisioning/iot-security-series/device-authentication-authorisation/

CONTRIBUTE TO THIS THREAD

Realtime Data

How do I set up UART communication between BeagleBone Black and Esp32?

Does anyone know what happened to face detection in esp32 cam?

Any advices on optimizing realtime loT applications with Edge Impulse on my Raspberry Pi 4

RELATED THREADS
Upcoming Events

12

Dec

Medical is Broken: How Modern Firmware Practices Transform Productivity Challenges into Opportunity

24

Nov

Engineering Hour: Gesture Recognition Pipelines, Training & Model Deployment with TF Lite & FreeRTOS

Leaderboard

RANKED BY XP

All time
  • 1.
    Avatar
    @Nayel115
    1620 XP
  • 2.
    Avatar
    @UcGee
    650 XP
  • 3.
    Avatar
    @melta101
    600 XP
  • 4.
    Avatar
    @lifegochi
    250 XP
  • 5.
    Avatar
    @Youuce
    180 XP
  • 6.
    Avatar
    @hemalchevli
    170 XP