Device Hub
MQTT • Keycloak • Audit
Connect devices securely and manage them centrally.
Manage devices, credentials and Keycloak clients for MQTT (MQTTS/WSS) at device-hub.ng-access.com.
Secure
Keycloak SSO, client secrets, audit logs.
Scalable
UUIDs, clear lifecycle states, rotation & revocation.
Operational
UI & API for provisioning and troubleshooting.
Quickstart
Onboard a device in 3 steps.
1
Create device
Provision via UI or API.
2
Store secret
Store the client secret securely on the device.
3
Publish/Subscribe
Send telemetry, receive commands, send ACKs.
Rotation
Rotate secrets without downtime.
Revocation
Revoke access and keep an audit trail.
Why Device Hub?
Keycloak first
SSO for operators and client provisioning for devices.
Audit-ready
Every rotation/revocation is logged.
MQTT-focused
Clear conventions for topics, sessions and QoS.
Operator UI
Everything in one place: devices, status, secrets.
Architecture at a glance
Operator (Web UI)
Keycloak SSO, operator role checks, UI workflows.
Provisioning
Device + Keycloak client + secret lifecycle (rotate/revoke).
MQTT conventions
Consistent topics for telemetry, commands and ACKs.
Audit logs
Security-relevant actions are traceably logged.
FAQ
Short answers to the most important questions.
Why can’t I see the API without logging in?
The API is session-authenticated (SSO) and operator-protected.
How do I rotate secrets safely?
Rotation creates a new secret; revoked devices can no longer be rotated.
Where do I find the endpoints?
See API Docs (Swagger UI).
What is logged?
Provisioning, rotation and revocation are stored as audit events.