Devices

Reviewed on May 21, 2025

Overview

A device is any system able to connect to an IoT Hub. It could be a connected device or a piece of software running on a computer, for example.

Devices:

publish and subscribe to topics to exchange messages.
can be enabled or disabled at any time. Disabling a Device will disconnect it and prevent reconnection.
can be reassigned to another Hub using the Change Hub feature.

Note

Device names cannot be changed after the Device has been added. The description field can be changed at any time.

Tip

An MQTT Webclient is available in the console to publish and receive messages. Follow the procedure on this tutorial.

Connection security

For each Device, you can choose whether to allow or deny insecure connections.

Important

We recommend that you use mutual-TLS connections to exchange messages between the Hub and Devices.

There are three connection options available:

Mutually authenticated TLS (secure) - uses certificates to authenticate, and the connection is encrypted.
"Regular" TLS (insecure) - is authenticated only at server level. Your Device needs to authenticate with its Device identifier.
Plaintext (insecure) - has the same conditions as "Regular" TLS, but the connection is not encrypted.

When you deny insecure connections, mutual-TLS is the only connection option for the Device.

When you allow insecure connections, all three options are available for the Device.

Authentication

Device authentication ensures that only authorized Devices can connect to a Hub. A Device can authenticate itself to a Hub in 2 ways:

with a certificate, the certificate can be either signed by the Hub certificate authority or associated with the Device.
with the MQTT username, matched to a Device ID (device is configured to allow insecure connections).

Note

Using a certificate is only possible when connecting with mutual TLS authentication.

Device certificates

A Device certificate is a way for a Device to authenticate to its Hub.

For your convenience, your Hub's certificate authority is Scaleway-generated. Your IoT Hub will issue a Scaleway-generated device certificate when you add a new Device.

If you want to provide your own certificate, you can upload a certificate to associate it with a Device.

Whether your Device certificate is Scaleway-generated or customer-provided, the Device can connect to your Hub using it even if the certificate is not signed by the Hub certificate authority.

The Device certificate can be renewed and replaced in the Device overview tab of the console.

Important

When you renew or replace the certificate for a Device, it will be disconnected and will need a new certificate to reconnect.

Note

If you changed the Hub certificate authority, the Device certificate renewal feature becomes permanently disabled. You will no longer be able to use a Scaleway-generated certificate for the Device in question.

Message filters

Message filtering restricts the topics a Device can publish and subscribe to.

For both publish and subscribe operations you can choose a policy and a topic list. The policy instructs the filter to either accept the topics in the list (and hence reject all others) or to reject the topics in the list (and hence allow all others).

Filtered messages are then dropped, and a Hub Event is generated. Filtered subscriptions will be rejected at subscription time.

Message filters can be set up in the Device messages tab of the console.

Tip

You can use wildcards in the topic list.

Note

Filters can also be applied to last will messages.

Message filters template

Important

The Message filters template feature is currently in beta.

Message filters accept templating: the Hub and Device metadata can be used in the filter. This allows the use of the same filter on multiple devices. This way, topics can be filtered depending on the connected device.

The following elements are available:

hub.name: The Hub's name
hub.id: The Hub's ID
device.name: The name of the device
device.id: The device ID

To use these elements in your message filters, use double curly brackets around the element you want to use. For example:

/{{ hub.name }}/{{ device.name }}/#

Will build the following filter when the Hub is named MyHub and the Device MyDevice:

/MyHub/MyDevice/#

Important

Issues when parsing the template will be reported through Hub events as warnings. In this case, the filter can be dropped from the list.

Multiple connections

By default, your Devices can issue only one connection to the Hub at a time. When a second connection is issued, the first one is disconnected. You can change this by allowing multiple connections for a Device.

Note

Each simultaneous connection to your Hub must have a different MQTT Client ID. If you leave this field empty, the Hub will generate one for you automatically.

You can enable or disable multiple connections for a Device on the Device overview tab of the console.

Important

This feature is only available for the dedicated and high-availability plans.

Metrics

Devices generate two usage metrics:

Message count: tells you how many messages the Device has sent and received. Any MQTT message, whether it is a data or a control message, is counted as a Hub message.
Device activity: tells you whether the Device was seen connected to the Hub during the time range.

All metrics are provided within 5 available ranges:

last 60 minutes: 1 per minute
last 24 hours: 1 per hour
last 7 days: 1 per 4 hours
last 30 days: 1 per day
last 365 days: 1 per month

The message count metric is available in the Device messages tab of the console. The Device activity metric is available in the Device overview tab.

Limits and quotas

	Quotas	Limits
Maximum number of Devices per Hub - Shared plan	10k
Maximum number of Devices per Hub - Dedicated plan	10k
Maximum number of Devices per Hub - HA plan	10k

Still need help?

Create a support ticket