Fleet Connectivity Developer's Guide

Fleet Connectivity Security

Both the dispatcher application and the asset application use the same set of app_id and app_code credentials to authenticate with the Fleet Connectivity for each request. The applications should authenticate the service by verifying the server certificate. The Fleet Connectivity does not use additional authentication or capability/restriction mechanisms. This means the sender_id in a job or event is trusted, and both the dispatchers and all assets have full rights to send and receive arbitrary messages.

You are free to use your existing proprietary authentication and authorization mechanisms on top of the security mechanism described above. Typically, an end user must enter a user name and password into the asset application. Then the asset application uses a defined asset_id for communication with the dispatcher through the Fleet Connectivity. Similarly, an end user logs in with a user name and password at the dispatcher application. Based on this, the dispatcher application uses a defined dispatcher_id when it communicates with the asset application through the Fleet Connectivity.