Menu

Rate this page:

Thanks for rating this page!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Devices REST: Certificates

A Certificate is a credential that enables your devices to connect to gateways of Twilio Sync for IoT. In Twilio domain, the Certificate consists of a public SID that identifies it and a public thumbprint (fingerprint, using SHA256 hash over entire certificate). A single Certificate may simultaneously belong to just one Device, however each Device may have multiple certificates.

Unlike Key credentials, Certificates are generated by Twilio developers offline, and then enrolled via IoT Device Manager.

Certificates allow the developer to:

  • Authenticate the devices in order to reliably establish their identity and access to Twilio services
  • Keep the private keys undisclosed, ideally never leaving the device that generated them
  • Revoke access to Twilio services for individual devices if they get compromised
  • Renew access rights periodically, e.g. per a certificate expiration policy

For more information on managing certificates and their dependencies, please refer to Adding Credentials documentation.

Twilio Console

You can manage Certificates of your Sync IoT devices using your Twilio console when logged in to the console.

Properties

Each Certificate resource has the following properties. Some of them are optional and allowed to be null: friendly_name, device_sid.

Names in PHP format
sid
sid<CY> Not PII

Contains a 34 character string that uniquely identifies this Certificate credential resource.

url
url Not PII

Contains an absolute URL for this Certificate credential resource.

friendlyName
string Not PII

Contains a human readable descriptive text for this Certificate credential, up to 256 characters long.

fleetSid
sid_like<FL> Not PII

Specifies the unique string identifier of the Fleet that the given Certificate credential belongs to.

accountSid
sid<AC> Not PII

Specifies the unique string identifier of the Account responsible for this Certificate credential.

deviceSid
sid<TH> Not PII

Specifies the unique string identifier of a Device authenticated with this Certificate credential.

thumbprint
string Not PII

Contains a unique hash of the payload of this Certificate credential, used to authenticate the Device.

dateCreated
date_time<iso8601> Not PII

Specifies the date this Certificate credential was created, given in UTC ISO 8601 format.

dateUpdated
date_time<iso8601> Not PII

Specifies the date this Certificate credential was last updated, given in UTC ISO 8601 format.

List All Certificates

GET /Fleets/{FLxx|UniqueName}/Certificates

Retrieve a list of all Certificate credentials belonging to the Fleet.

Note: By default, this will return the first 50 Certificates. Supply a PageSize parameter to fetch up to 100 items at once. See paging for more information.

List Filters

The following GET query string parameters allow you to limit the list returned. Note that the parameters are case-sensitive:

Names in PHP format
deviceSid
Optional
get sid<TH> Not PII

Filters the resulting list of Certificates by a unique string identifier of an authenticated Device.

        
        
        
        

        Create a Certificate

        POST /Fleets/{FLxx|UniqueName}/Certificates
        

        Enroll a new Certificate credential to the Fleet, optionally giving it a friendly name and assigning to a Device.

        Parameters

        Names in PHP format
        certificateData
        Required
        post string Not PII

        Provides a URL encoded representation of the public certificate in PEM format.

        friendlyName
        Optional
        post string Not PII

        Provides a human readable descriptive text for this Certificate credential, up to 256 characters long.

        deviceSid
        Optional
        post sid<TH> Not PII

        Provides the unique string identifier of an existing Device to become authenticated with this Certificate credential.

              
              
              
              

              Retrieve a Certificate

              GET /Fleets/{FLxx|UniqueName}/Certificates/{CYxx}
              

              Fetch information about a specific Certificate credential in the Fleet.

                    
                    
                    
                    

                    Update a Certificate

                    POST /Fleets/{FLxx|UniqueName}/Certificate/{CYxx}
                    

                    Update the given properties of a specific Certificate credential in the Fleet, giving it a friendly name or assigning to a Device.

                    Parameters

                    Names in PHP format
                    sid
                    Required
                    post sid<CY> Not PII

                    Provides a 34 character string that uniquely identifies the requested Certificate credential resource.

                    friendlyName
                    Optional
                    post string Not PII

                    Provides a human readable descriptive text for this Certificate credential, up to 256 characters long.

                    deviceSid
                    Optional
                    post sid<TH> Not PII

                    Provides the unique string identifier of an existing Device to become authenticated with this Certificate credential.

                          
                          
                          
                          

                          Delete a Certificate

                          DELETE /Fleets/{FLxx|UniqueName}/Certificates/{CYxx}
                          

                          Unregister a specific Certificate credential from the Fleet, effectively disallowing any inbound client connections that are presenting it.

                                
                                
                                
                                
                                Rate this page:

                                Need some help?

                                We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.