Zero Touch Provisioning (ZTP) is a feature which allows your devices to automatically provision themselves with the service that you wish to use. This is achieved by the creation of ZTP device profiles which are essentially a template to define the various options and features for your Things.
Each profile has a unique token that can be given to all of your devices during manufacturing, then when the device is ready for use, it can call the ZTP web service passing its token to get back its own set of credentials for service access.
This guide gives an overview of the key elements of the service. Each product will have its own variations which are explained in separate dedicated guides.
Creating a Device Profile
ZTP profiles are created using the "ZTP -> Device Profiles" option from the Services menu on the sidebar.
Configuring your Device Profile
The common elements of the ZTP service are explained below. Note that you can go back and edit these at any time, but the changes will only apply to Things created after the change to the profile is made. Any existing Things would need to be updated individually if required:
Auto Activate Devices - Use this option if you wish each Thing to be usable immediately after provisioning. You will need to select the required price plan that the Things will use. If you don't enable auto activation, your Things will be left in an allocated state and you will need to activate them individually using the Thingstream Portal or the Customer API.
Device Tags – You can specify any default tags that should be applied to any Things created using this profile. Note that you can also specify individual tags as part of the call to the ZTP web service.
Hardware Code Mandatory - When a device calls the ZTP web service on bootstrap, there is an option for it to provide an additional globally unique hardware code e.g. IMEI for improved security. It is recommened that you enable this feature since this also allows your devices to recover their credentials in future if perhaps the configuration is lost, or you rotate the credentials for some reason. There is also the option to use an allowlist to ensure only devices with a known hardware code can be provisioned in your domain.
Using your Device Profile
Once the Device Profile is created, you will be provided with an endpoint for the ZTP web service related to your chosen service, and a token which identifies the profile. These need to be given to your devices so that they can provision themselves when needed.
The swagger docs for the ZTP web services can be found here.
Still need help?
If you need more help or have any questions, please send an email to services-support@u-blox.com.