Fleet Connectivity Extension API Security
Both the dispatcher application and the asset application use the same set of
app_code credentials to authenticate with the Fleet Connectivity Extension API for each request. The applications should authenticate the service by verifying the server certificate. The Fleet Connectivity Extension API does not use additional authentication or capability/restriction mechanisms. This means the
sender_id in a job or event is trusted, and both the dispatchers and all assets have full rights to send and receive arbitrary messages.
You are free to use your existing proprietary authentication and authorization mechanisms on top of the security mechanism described above. Typically, an end user must enter a user name and password into the asset application. Then the asset application uses a defined
asset_id for communication with the dispatcher through the Fleet Connectivity Extension API. Similarly, an end user logs in with a user name and password at the dispatcher application. Based on this, the dispatcher application uses a defined
dispatcher_id when it communicates with the asset application through the Fleet Connectivity Extension API.