ThingWorx Azure IoT Hub Connector > Security and the Azure IoT Hub Connector
Security and the Azure IoT Hub Connector
Application keys are used to secure communications between the Azure IoT Hub Connector and the ThingWorx Platform. On the Azure IoT Hub, authentication is done through "access keys," which function like a password. The access key for a device is unique to that device. The Device Registry of the Azure IoT Hub maintains device and authentication information to verify and validate edge devices.
Application Key Authentication
As part of configuring the Azure IoT Hub Connector, you must generate an application key using ThingWorx Composer and then set the app-key property in the configuration of the Azure IoT Hub Connector. The application key is used to authenticate requests from the Connector to ThingWorx.
The value of the application key and the user account under which the key was generated are used by ThingWorx to determine if the requested action is permissible or not. For example, if the key is a match, but the user account associated with the key does not have sufficient permissions, the request is denied.
The default lifetime for an application key is 24 hours (as of ThingWorx Platform 8.1). Make sure that you change this expiration date when you set up the application key for your Connector.
Security by Components
Secure Communications
Azure IoT Edge device
Edge device uses Azure SDK application to connect to the Azure IoT Hub.
Azure Edge device uses secure (SSL/TLS) connection to the Azure Broker.
Device ID and Access Key
ThingWorx Azure IoT Hub Adapter and Connector
Azure IoT Hub Adapter connects to an Azure IoT Service Endpoint to ingest ingress data.
It also sends requests to Azure Service endpoints to write egress updates.
The Azure IoT Hub Adapter needs appropriate credentials and a connection string to communicate with the Azure IoT Hub. Configured for the AzureIotHub Thing in ThingWorx Composer, these credentials and the connection string are protected by a shared key between the Connector and the ThingWorx Platform. This key is stored in a configured keystore file.
Connection string content, which in Azure is a key + service + edge identifier.
Azure IoT Hub Connector connects to a ThingWorx Platform.
SSL/TLS for the connection between the Connector and the platform. file.
Standard ThingWorx authentication via encrypted application key.
Steps for Setting Up Security
Several steps of the getting started process contribute to the security setup for the Azure IoT Hub Connector: