IAM Tokens

Identity and Access Management (IAM) tokens provide access to a limited scope on the Beebotte account. This is the recommended method to grant custom access to Beebotte for data or management operations.

IAM Tokens allow a user to grant custom access level to Beebotte resources. The following lists the different access scopes that can be associated with an IAM Token:

  • Data Access
    • data:read Read access on channel resource data. This includes subscribe calls for receiving data in real-time.
    • data:write Write access on channel resources. This includes publish calls with transient messages.
  • Connection Management
    • admin:connection:read Read access on active connections.
    • admin:connection:write Write (drop) access on active connections.
  • Channel Management
    • admin:channel:read Read (get and list) access on channels.
    • admin:channel:write Write (create, update, delete) access on channels.
  • Beerule Management
    • admin:beerule:read Read (get, list) access on client Beerules.
    • admin:beerule:write Write (create, update, delete) access on Beerules.
    • admin:beerule:execute Execute (invoke) access on Beerules.
  • IAM Management
    • admin:iam:read Read access on IAM - identity and access tokens.
    • admin:iam:write Write (create, revoke) access on IAM - identity and access tokens.

Authentication with IAM Tokens

IAM Tokens are prefixed by iamtkn_, they can be used to authenticate and authorize access.

  • REST API through HTTP Authorization header
  • REST API through token query parameter
  • Beebotte Websocket Connection
  • Beebotte MQTT Connection

IAM Token authentication using Authorization Header example:
POST /v1/data/write/demo/resource1 HTTP/1.1
Content-Type: application/json
Date: Mon, 07 Oct 2013 14:04:50 GMT
host: beebotte.com
X-Auth-Token: iamtkn_1234567890

{"data":"37","ts":1400761008646}

IAM Token authentication using token query parameter example:
POST /v1/data/write/demo/resource1?token=1234567890 HTTP/1.1
Content-Type: application/json
Date: Mon, 07 Oct 2013 14:04:50 GMT
host: beebotte.com

{"data":"37","ts":1400761008646}

Beebotte SDKs:
//Include the Beebotte SDK for nodejs
var bbt = require('beebotte');

var bclient = new bbt.Connector({token: 'iamtkn_TOKEN_CONTENT'});
# Include the Beebotte SDK for Python
from beebotte import *

bclient = BBT(token = "iamtkn_TOKEN_CONTENT")

Websocket (Socketio) Connection:
//Include the Beebotte SDK for nodejs
var bbt = require('beebotte');
bclient = bbt.Stream({transport: {
  type: 'socketio',
  token: 'iamtkn_TOKEN_CONTENT'
})

MQTT Connection:

You can use Beebotte Nodejs SDK to connect to Beebotte using MQTT as follows:

//Include the Beebotte SDK for nodejs
var bbt = require('beebotte');
bclient = bbt.Stream({transport: {
  type: 'mqtt',
  token: 'iamtkn_TOKEN_CONTENT'
})

If you are using an MQTT client library, provide iamtkn_TOKEN_CONTENT as username and leave the password blank.

Beebotte Documentation