Nabto Edge Embedded Device SDK
The Nabto Edge Embedded Device SDK is to be integrated with the vendor’s embedded device application. It then provides secure, remote and local access to the vendors application through the Nabto Edge platform. The SDK is open source and ANSI C based.
The Streams API enables exchange of data between client and device on top of a Nabto connection using a socket like abstraction. The stream is reliable and ensures data is received ordered and complete. If either of these conditions cannot be met, the stream will be closed in such a way that it is detectable.
The TCP Tunnel API is a high level wrapper for streaming, allowing applications to tunnel traffic through Nabto by integrating through a simple TCP socket, just like e.g. SSH tunnels. TCP Tunnels can hence be used to quickly add remote access capabilities to existing applications that already support TCP communication.
The CoAP API allows exchange of CoAP messages on top of a Nabto connection between a client and device. This is conceptually similar to Nabto 4 RPC but much more robust and complete.
Service invocation allows the device to invoke a custom HTTP service configured in the basestation. This makes it possible to integrate with external services without needing a client initiated connection to the device - and without needing an HTTPS client implementation on the device.
FCM NOTIFICATIONS (MOBILE PUSH)
In Nabto Edge, local devices are discovered using mDNS (BonJour). A device application can either use the built in mDNS functionality or use a third party mDNS implementation. This section describes the built-in mDNS implementation to allow clients to discover a device.
Nabto Edge supports password authentication. It is recommended to only use this in initial bootstrapping (pairing) and then subsequently use public key based authentication. This pattern is implemented by the Nabto Edge IAM module that makes it simple to use for applications. But the low-level password authenticaton API is also available for application to use if desired.
The Authorization API allows the application to make authorization decisions for the core. That is, the core asks the application to decide if a given authorization request should be approved or rejected. By using the IAM module, this API invoked automatically to enforce IAM policies on client connections.
SERVER CONNECT TOKENS
Server connect tokens enable the device to decide who can access it through the server (basestation). The tokens should not be used as the only authorization mechanism but be seen as a filter for which connections is allowed from the internet to the device, e.g. to prevent DoS attacks on devices.