© 2023 Yandex.Cloud LLC

Authorization

Written by
Yandex Cloud

There are two authorization methods:

  • Using X.509 certificates.
  • Using a username and password.

You can use both X.509 certificates and passwords at the same time. Note that passwords have a higher priority than certificates. The table below describes different ways to use a certificate and password simultaneously during authorization.

| Certificate | Password | Authorization |
|---|---|---|
| Invalid | Invalid | Authorization fails. |
| Invalid | Correct | Authorization is successful. |
| Correct | Invalid | Authorization fails. |
| Correct | Correct | Authorization using a username and password is successful. |
| Correct, but for a different device | Correct | Authorization is performed on behalf of the device whose ID is specified in the username. |

Authorization using certificates

When logging in with X.509 certificates, private keys and certificates stored as .pem files are used. They are stored on a device or in a registry.

  • For a private key, you specify the path to the .pem file when sending messages or subscribing to receive messages.
  • You add the certificate to the device or registry and specify the path to the .pem file with the certificate when sending messages or subscribing to receive messages.

Each certificate must be unique. You can't add the same certificate to two different devices or a device and a registry. To send and receive messages in a topic, you need to use two different certificates.
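The uniqueness rule is easiest to check on your own inventory before adding a certificate. The following is an added example, not code from the Yandex Cloud documentation: it fingerprints the DER bytes inside each .pem file, so the same certificate is caught even when two files differ in line wrapping or line endings. The owner names and the sample data are constructed; the sample "certificates" are placeholder bytes in a PEM envelope, not real X.509 certificates.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)

def fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes of the first certificate in a PEM string."""
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    # Drop all whitespace so wrapping and CRLF/LF differences do not matter.
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def find_reuse(assignments: dict) -> dict:
    """Return {fingerprint: [owners]} for certificates held by more than one owner."""
    owners = {}
    for owner, pem_text in assignments.items():
        owners.setdefault(fingerprint(pem_text), []).append(owner)
    return {fp: names for fp, names in owners.items() if len(names) > 1}

def sample_pem(der: bytes, width: int, newline: str = "\n") -> str:
    """Constructed sample data: wrap arbitrary bytes in a PEM envelope."""
    b64 = base64.b64encode(der).decode()
    body = newline.join(b64[i:i + width] for i in range(0, len(b64), width))
    return ("-----BEGIN CERTIFICATE-----" + newline + body + newline
            + "-----END CERTIFICATE-----" + newline)

# Constructed inventory: device-a and device-b hold the same bytes, wrapped differently.
SAMPLE = {
    "device-a": sample_pem(b"constructed-cert-bytes-1" * 4, 64),
    "device-b": sample_pem(b"constructed-cert-bytes-1" * 4, 76, "\r\n"),
    "registry-1": sample_pem(b"constructed-cert-bytes-2" * 4, 64),
}

if __name__ == "__main__":
    for fp, names in find_reuse(SAMPLE).items():
        print(f"certificate {fp[:16]}... is assigned to: {', '.join(names)}")
```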

Warning

No additional settings are required for working with the MQTT broker integrated in the YC CLI (yc iot mqtt --help). If you use third-party libraries or applications (such as Mosquitto) as an MQTT broker, use the MQTT broker connection parameters.

Authorization using a username and password

When logging in with your username and password:

  • The username is the ID of the device or registry.
  • The password is a combination of characters that you specify. You can also generate your password via the YC CLI.
    • Minimum password length is 14 characters.
    • The password must contain 3 out of 4 groups of characters: lowercase Latin letters, uppercase Latin letters, numbers, and special characters.
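A local check of the password rules above, with a generator that draws from a CSPRNG, written as an added example (not code from the Yandex Cloud documentation or the YC CLI). It assumes that "special characters" means the ASCII punctuation set in `string.punctuation`; the page does not list the accepted characters.

```python
import secrets
import string

MIN_LENGTH = 14   # minimum length stated on this page
MIN_GROUPS = 3    # 3 out of 4 character groups
GROUPS = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,  # assumption: the page does not define this set
}

def groups_present(password: str) -> set:
    """Names of the character groups that occur in the password."""
    return {name for name, chars in GROUPS.items()
            if any(c in chars for c in password)}

def policy_errors(password: str) -> list:
    """Return the list of violated rules; an empty list means compliant."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    found = groups_present(password)
    if len(found) < MIN_GROUPS:
        errors.append(f"only {len(found)} of 4 character groups present")
    return errors

def generate(length: int = 24) -> str:
    """Generate a compliant password with the secrets module (CSPRNG)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(GROUPS.values())
    # Rejection sampling: every compliant password stays equally likely,
    # unlike schemes that force one character from each group.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_errors(candidate):
            return candidate

if __name__ == "__main__":
    for pw in ("correcthorsebattery", "Abc123!", generate()):
        print(repr(pw), policy_errors(pw) or "ok")
```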

See also

  • Relationships between resources in Yandex IoT Core.
  • Create a certificate.
  • Managing device certificates.
  • Managing registry certificates.
  • Managing device passwords.
  • Managing registry passwords.
