Skip to main content

Managing tokens and keys

This page explains how to generate and use different tokens and keys for nRF Cloud services.

Some operations depend on your role within a team. Anyone can view a key or token, but not all roles can generate them.

Device identity attestation token

To claim and onboard a device, you need the device's identity attestation token.

Generate the token by sending an AT command through Serial Terminal:

  1. Open nRF Connect for Desktop.

  2. Install the Serial Terminal app if you do not have it already.

  3. Connect the device over USB to your PC and turn it on.

  4. Open the Serial Terminal app.

  5. Click Select Device.

  6. Select your device from the menu.

  7. Click Connect to port. If you cannot connect to the device, select a different COM port than the default from the drop-down menu.

  8. Enter the AT command at AT%ATTESTTOKEN, including the at prefix (with trailing space).

    note

    If you are using the Multi-service sample and programmed the device using Quick Start, it requires the at prefix (including trailing space) to parse AT commands. If you encounter an error when entering AT commands, ensure that the command is correctly formatted.

  9. Copy the response between the quotation marks and store it somewhere secure.

You now have a device-specific identity attestation token and can use it to claim the device.

API key

All team members can generate API keys through the nRF Cloud portal. The API key is specific to your user and team. You have a different API key for each team.

note

You can generate API keys only through the nRF Cloud portal.

To view an existing API key or generate a new one:

  1. Log in to the nRF Cloud portal.
  2. Click the three-line menu in the upper right corner.
  3. Click User Account.
  4. On the Current Team Details card, locate the API key. You can copy the existing key, or generate a new one:

    • Click the icon next to the text box to copy the existing API key.

    • Click Regenerate API key to generate a new one.

      A pop-up opens:

      1. Type regenerate api key in the text box to confirm.
      2. Click OK.
      3. The new key appears in the text box.

Use this key in the Authorization: Bearer header in REST requests that require it. Previously issued API keys are valid for up to 60 minutes after you generate a new one.

JWT

For cloud-to-cloud use of Location Services through a proxy server, use an Organization Auth Token (OAT). See the Location Services Quickstart for setup instructions.

To generate a JWT for direct device-to-cloud operations, see Securely generating credentials.

Service tokens (deprecated)

Caution

Service tokens are deprecated and can no longer be created through the nRF Cloud portal. Existing service tokens will continue to function until they expire, but cannot be renewed. Use Organization Auth Tokens (OATs) instead. See the Location Services Quickstart for migration instructions.

Last updated on
This page is human-authored. If you see any errors, outdated information, or any other suggestions for improving the contents, please contact us!