azure-iot-hubazure-iot-edgeazure-iot-sdkazure-rest-apiazure-iot-dps

Azure IoT DPS - Enrollment Group - Create Or Update - Rest API


It Seems Rest API calls are not working for Azure - DPS Enrollment group. No response from the API call in the postman.

Followed the below URL

https://learn.microsoft.com/en-us/rest/api/iot-dps/service/enrollment-group/create-or-update?view=rest-iot-dps-service-2021-06-01

If you're able to execute REST API call then, Please let me know.


Solution

  • You would need to generate a security token for Service API authentication. You can find the sample needed to generate token from article Service API authentication. Here is the sample I have tested for my token generation.

    from base64 import b64encode, b64decode
    from hashlib import sha256
    from time import time
    from urllib.parse import quote_plus, urlencode
    from hmac import HMAC
    import requests
    import json
    
    
    def main():
        ttl = time() + 3600
        uri = '{yourdpsservicename}.azure-devices-provisioning.net/enrollmentGroups'
        sign_key = ("%s\n%d" % ((quote_plus(uri)), int(ttl))).encode('utf-8')
        #sign_key = "%s\n%d" % ((quote_plus(uri)), int(ttl))
        print(sign_key)
        signature = b64encode(HMAC(b64decode('key'), sign_key, sha256).digest())
    
        rawtoken = {
            'sr' :  uri,
            'sig': signature,
            'se' : str(int(ttl)),
            'skn' : 'provisioningserviceowner'
        }
    
        print('SharedAccessSignature ' + urlencode(rawtoken))
    
    
    
    
    if __name__ == "__main__":
        main()
    

    Please ensure to replace your DPS service name in the URI and the key value in the signature

    You should get a signature similar to below value.

    enter image description here

    Add this token to the postman Authorization header. Find the below image for reference.

    enter image description here

    The API also requires you to pass Attestation mechanism for your enrollment. I have tested the API call using Symmetric Key attestation by passing the keys as following in the request body

    enter image description here

    As you can see, the API returns 200 OK response and gives details on the Enrollment group. The created enrollment group can be validated from the Azure portal DPS Manage Enrollments tab.

    enter image description here

    Hope this helps!