Skip to content

Edge-App Communication

This document provides a step-by-step guide for an application developer on how to use the IED API (auth, edge API). Using an application installed on the IED, the application developer can access the IED API (auth, edge).

An application needs a certificate for secure communication. On each device, the certificate came from the IEM at the time of onboarding (by default). Previously, the device certificate was distributed to the application via events. Whenever new certificates were imported and IP was changed or certificate was expired, then we renewed this device certificate and send event to application for stable communication. But due to some limitations, we need new mechanism for better communication. Whatever events occurred, communication between edge and application should not be broken.

Scope

The app developer can securely access all of the IED APIs with an SSL certificate.

Configurations

In the new mechanism for edge-app communication application needs to create with reverse proxy. As app is reverse proxy, so it is directly joined with ‘proxy-redirect’ network. To use new route an app need to join with ‘proxy-redirect’ network. As the REST endpoint is running HTTPS, the endpoint and necessary trusted certificates are provided to the app via a mount point.

Certificate and IP mount point

The mounting point contains the JSON File which is populated with the self-signed certificate and IP address of the host system to make the REST call. It is located at "/var/run/edgedevice/certsips.json.

The mounting point contains the JSON File which is populated with the self-signed certificate and IP address of the host system to make the REST call. You find it at "/var/run/edgedevice/certsips.json", for example:

{
  "auth-api-path": "<insert api path>",
  "cert-chain": "<insert cert-chain>",
  "edge-certificates": {
    "certificates-chain": "<insert certificate-chain>",
    "service-name": "edge-iot-core.proxy-redirect>"
  },
  "edge-ips": "<insert ip>",
  "secure-storage-api-path": "<insert path>"
}

Note
If the host changes the IP address or updates the certificate then the updated IP Address/ certificate would be reflected in the certsip.json. The correct error handling is required in this case and must be fetched from the certsip.json file again.

Backward Compatibility

App Version IED Version Comment
1(New) 1 Can Call with new route path
0(Old) 1 Can Not Call with new route path
0 0 Can Not Call with new route path
1 0 Can Not Call with new route path

Example workflow

  1. Read IP(s) and certificate from certsips.json.
  2. Call IED API.