Best Practices for General Security of ThingWorx Solutions
ThingWorx provides features such as single sign-on authentication, directory services authentication, creation of authenticators and application keys to manage security of your solutions.
Application Key for Communication
It is recommended that you use application keys to authenticate the data that a connected device sends to the ThingWorx Platform.
The application key is associated with a user. A user represents an individual person or a connected system. The key has all permissions that are granted to the user. It is recommended that you apply the principle of least privilege when creating application keys and assigning privileges to them.
It is not recommended to assign a member of the Administrator group to an application key. If administrative access is necessary, create the user and add it as a member of the SecurityAdministrators and Administrator user groups.
For encrypted communications, use HTTPS.
Allow Specific IPs for Application Keys
It is recommended that you allow specific IPs for the application key. This lets the server restrict a given key ID so that only certain IP addresses can use it for access. You can specify a single IP in the case of a static IP address. For example, connected web-based business systems can have a static IP from which all the calls are made. You can use wildcards to specify a range of IP addresses for devices with dynamic IP addresses.
This is not recommended for devices that continually change networks and IP addresses. They may lose the ability to connect when this feature is used.
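The sketch below is an added example, not ThingWorx code: it models a per-key IP allowlist so you can check which source addresses an entry would admit and flag entries whose wildcards are too broad to restrict anything. The octet-level `*` syntax, the key names, and the addresses are assumptions constructed for illustration; confirm the wildcard format your platform version accepts.

```python
import ipaddress

# Constructed sample data: hypothetical key names, documentation-range addresses.
ALLOWLISTS = {
    "erp-connector-key": ["203.0.113.10"],   # business system with a static IP
    "field-sensor-key": ["198.51.100.*"],    # devices on one dynamic range
    "legacy-key": ["*.*.*.*"],               # wildcard that restricts nothing
}


def pattern_matches(pattern: str, client_ip: str) -> bool:
    """True if an IPv4 address matches a four-octet pattern with '*' wildcards."""
    ip = ipaddress.IPv4Address(client_ip)    # raises ValueError on malformed input
    octets = pattern.split(".")
    if len(octets) != 4:
        raise ValueError(f"pattern must have four octets: {pattern!r}")
    for want, have in zip(octets, str(ip).split(".")):
        if want == "*":
            continue
        if not want.isdigit() or not 0 <= int(want) <= 255:
            raise ValueError(f"bad octet {want!r} in {pattern!r}")
        if int(want) != int(have):
            return False
    return True


def is_allowed(key_name: str, client_ip: str) -> bool:
    """A key that is absent from the sample table is rejected."""
    patterns = ALLOWLISTS.get(key_name, [])
    return any(pattern_matches(p, client_ip) for p in patterns)


def covered_addresses(pattern: str) -> int:
    """Number of IPv4 addresses a pattern admits (256 per wildcard octet)."""
    return 256 ** pattern.split(".").count("*")


def audit(max_addresses: int = 256):
    """Return (key, pattern, size) for entries broader than max_addresses."""
    return [(key, p, covered_addresses(p))
            for key, patterns in ALLOWLISTS.items()
            for p in patterns
            if covered_addresses(p) > max_addresses]


if __name__ == "__main__":
    # A sensor that moves to another network no longer matches its entry.
    print(is_allowed("field-sensor-key", "198.51.100.77"))  # on the allowed range
    print(is_allowed("field-sensor-key", "192.0.2.77"))     # after changing networks
    print(audit())
```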