Best Practices for Storing Device-Specific SAS Tokens for Multi-Endpoint Communication
Hi guys @IoT Cloud I plan on making a solution where devices need to communicate with multiple endpoints, including an API for non-telemetry data. To avoid additional authentication methods, I'm considering using device-specific SAS tokens generated by a back-end service. Would it be safe to store these tokens in desired properties, or is it better to use the payload of a cloud-to-device message? Are there other recommended approaches for this?
Solution
Storing SAS tokens in desired properties or cloud-to-device message payload has security risks. Consider alternative approaches like device-specific certificates or OAuth for secure authentication and authorization. Consult security experts for the best solution.
I think @LMtx can help out here
I think @LMtx can help out here
The DevHeads IoT Integration Server accelerates technology engineering by helping pro devs learn, share and collaborate.
2,984Members
Resources
Recent Announcements
Similar Threads
Was this page helpful?
