Authentication

There are two authentication methods:

• Using X.509 certificates.
• Using a username and password.

You can use both X.509 certificates and passwords at the same time. Note that passwords have a higher priority than certificates. The table below describes different ways to use a certificate and password simultaneously during authentication.

Authentication using certificatesAuthentication using certificates

When authenticating with X.509 certificates, private keys and certificates stored as .pem files are used. They are stored on a device or in a registry.

• For a private key, you specify the path to the .pem file when sending messages or subscribing to receive messages.
• You add the certificate to the device or registry and specify the path to the .pem file with the certificate when sending messages or subscribing to receive messages.

Each certificate must be unique. You can't add the same certificate to two different devices or a device and a registry. To send and receive messages in a topic, you need to use two different certificates.

Authenticating by username and passwordAuthenticating by username and password

When authenticating with your username and password:

• The username is the ID of the device or registry.
• The password is a combination of characters that you specify. You can also generate your password via the YC CLI.
  • Minimum password length is 14 characters.
  • The password must contain three groups of characters out of these four: lowercase Latin letters, uppercase Latin letters, numbers, and special characters.

See alsoSee also

• Relationships between resources in Yandex IoT Core
• Creating a certificate
• Managing device certificates
• Managing registry certificates
• Managing device passwords
• Managing registry passwords