Best Practices for General Security of ThingWorx Applications
ThingWorx provides features such as single sign-on authentication, directory services authentication, custom authenticators, and application keys to manage the security of your applications.
Application Key for Communication
It is recommended that you use application keys to authenticate the data that a connected device sends to the ThingWorx Platform.
The application key is associated with a user. A user represents an individual person or a connected system. The key has all permissions that are granted to the user. It is recommended that you apply the principle of least privilege when creating application keys and assigning privileges to them.
It is not recommended to assign a member of the Administrator group to an application key. If administrative access is necessary, create a User and add it as a member of the SecurityAdministrators and Administrator User Groups.
For encrypted communications, use HTTPS.
IP Whitelisting for Application Keys
It is recommended that you set the IP whitelist for the application key. This lets the server restrict use of a given key ID to specific IP addresses. You can specify a single IP address when the client has a static IP address. For example, a connected web-based business system can have a static IP address from which all calls are made. For devices with dynamic IP addresses, you can use wildcards to specify a range of IP addresses.
Whitelisting is not recommended for devices that continually change networks and IP addresses. They may lose the ability to connect when the IP whitelist feature is used.
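The recommendations above can be checked across an inventory of application keys. The following audit sketch is an added example, not part of ThingWorx or its documentation. It assumes a hypothetical record layout (`name`, `user_groups`, `whitelist`), a wildcard syntax in which `*` replaces one whole IPv4 octet, and a local policy threshold for how broad a pattern may be.

```python
import ipaddress

ADMIN_GROUP = "Administrator"  # group name as written on this page
MAX_WILDCARD_OCTETS = 2        # assumed local policy threshold, not a product setting


def ip_matches(pattern, client_ip):
    """True if client_ip matches a dotted IPv4 pattern; '*' = any one octet (assumed syntax)."""
    try:
        octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    except ipaddress.AddressValueError:
        return False  # malformed client address never matches
    parts = pattern.strip().split(".")
    return len(parts) == 4 and all(p in ("*", o) for p, o in zip(parts, octets))


def key_allows(key, client_ip):
    """An empty whitelist is modelled as 'no restriction' (assumption)."""
    return not key["whitelist"] or any(ip_matches(p, client_ip) for p in key["whitelist"])


def audit_key(key):
    """Return a list of findings for one application-key record."""
    findings = []
    if ADMIN_GROUP in key["user_groups"]:
        findings.append("key user is in the Administrator group")
    if not key["whitelist"]:
        findings.append("no IP whitelist set")
    for pattern in key["whitelist"]:
        if pattern.split(".").count("*") > MAX_WILDCARD_OCTETS:
            findings.append(f"whitelist pattern {pattern} is too broad")
    return findings


# Constructed sample records (hypothetical field names, documentation-range IPs).
KEYS = [
    {"name": "erp-connector", "user_groups": ["Users"], "whitelist": ["203.0.113.10"]},
    {"name": "field-sensors", "user_groups": ["Users"], "whitelist": ["198.51.100.*"]},
    {"name": "legacy-admin", "user_groups": ["Administrator"], "whitelist": []},
    {"name": "lab-gateway", "user_groups": ["Users"], "whitelist": ["10.*.*.*"]},
]

if __name__ == "__main__":
    for key in KEYS:
        print(key["name"], audit_key(key) or "ok")
```
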