Skip to content

Latest commit

 

History

History
415 lines (368 loc) · 15.3 KB

File metadata and controls

415 lines (368 loc) · 15.3 KB

Debugging

The following guide provides commands that can be issued in the terminal. Replace any variables inside ${}, %%, or $ with the appropriate variables.

1. Getting Access Token

Bash

curl -X POST \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "Authorization: Basic ${TOKEN}" \
    -d "grant_type=client_credentials" \
    https://thingspace.verizon.com/api/ts/v1/oauth2/token

Windows Command Prompt

curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -H "Authorization: Basic %TOKEN%" -d "grant_type=client_credentials" https://thingspace.verizon.com/api/ts/v1/oauth2/token

PowerShell

Invoke-RestMethod `
    -Method Post `
    -Uri "https://thingspace.verizon.com/api/ts/v1/oauth2/token" `
    -Headers @{ `
        "Content-Type" = "application/x-www-form-urlencoded"; `
        "Authorization" = "Basic $TOKEN" `
    } `
    -Body "grant_type=client_credentials"

Note: Use the TOKEN assigned to your account.

Successful Response Sample

{
    "access_token": "WXE4OTY2NTgtNzdiOC00ZGM4LWE3ZmItZDRmNzFiZjRjYzYz",
    "scope": "ts.application.ro ts.mec.fullaccess",
    "token_type": "Bearer",
    "expires_in": 3600
}

2. Getting Session Token

Bash

curl -X POST \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
    -d "{\"username\": \"${USER}\", \"password\": \"${PASS}\"}" \
    https://thingspace.verizon.com/api/m2m/v1/session/login

Windows Command Prompt

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer %ACCESS_TOKEN%" -d "{\"username\": \"%USER%\", \"password\": \"%PASS%\"}" https://thingspace.verizon.com/api/m2m/v1/session/login

PowerShell

Invoke-RestMethod `
    -Method Post `
    -Uri "https://thingspace.verizon.com/api/m2m/v1/session/login" `
    -Headers @{ `
        "Content-Type" = "application/json"; `
        "Authorization" = "Bearer $ACCESS_TOKEN" `
    } `
    -Body (@{ `
        username = $USER; `
        password = $PASS `
    } | ConvertTo-Json)

Notes:

  • Use the ACCESS_TOKEN from the response of last step.
  • Use the USER and PASS assigned to your account.

Successful Response Sample

{
    "sessionToken": "d6c26b5c-f141-4864-41bb-5bcdbd22c1dc"
}

3. Getting Certificates

Bash

curl -X POST \
    -H "Content-Type: application/json" \
    -H "SessionToken: ${SESSION_TOKEN}" \
    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
    -d "{\"VendorID\": \"${VENDOR_ID}\", \
        \"ClientType\": \"${CLIENT_TYPE}\", \
        \"ClientSubtype\": \"${CLIENT_SUBTYPE}\"}" \
    https://imp.thingspace.verizon.com/api/v2/clients/registration

Windows Command Prompt

curl -X POST -H "Content-Type: application/json" -H "SessionToken: %SESSION_TOKEN%" -H "Authorization: Bearer %ACCESS_TOKEN%" -d "{\"VendorID\": \"%VENDOR_ID%\", \"ClientType\": \"%CLIENT_TYPE%\", \"ClientSubtype\": \"%CLIENT_SUBTYPE%\"}" https://imp.thingspace.verizon.com/api/v2/clients/registration

PowerShell

Invoke-RestMethod `
    -Method Post `
    -Uri "https://imp.thingspace.verizon.com/api/v2/clients/registration" `
    -Headers @{ `
        "Content-Type" = "application/json"; `
        "SessionToken" = $SESSION_TOKEN; `
        "Authorization" = "Bearer $ACCESS_TOKEN" `
    } `
    -Body (@{ `
        VendorID = $VENDOR_ID; `
        ClientType = $CLIENT_TYPE; `
        ClientSubtype = $CLIENT_SUBTYPE `
    } | ConvertTo-Json)

Notes:

  • Use the SESSION_TOKEN and ACCESS_TOKEN retrieved from the last steps.
  • Use the VENDOR_ID, CLIENT_TYPE, and CLIENT_SUBTYPE assigned to your account.

Successful Response Sample

{
    "Certificate": {
        "ExpirationTime": "2026-01-16T12:25:14Z",
        "ca.pem": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n",
        "cert.pem": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----",
        "key.pem": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----\n"
    },
    "DeviceID": "35f3ef91-f951-4110-b05d-8579123ece61"
}

Notes:

  • Keep track of the DeviceID and Certificate. Each account is expected to manage these credentials by themselves. There is quota for the number devices for each account. If a device ID is orphaned without deleting it (step 6), they will take up part of the quota.
  • This will take awhile to respond so set timeouts appropriately.

4. Get Connection Details

Bash

curl -X POST \
    -H "Content-Type: application/json" \
    -H "SessionToken: ${SESSION_TOKEN}" \
    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
    -H "VendorID: ${VENDOR_ID}" \
    -d "{\"DeviceID\": \"${DEVICE_ID}\", \
        \"NetworkType\": \"non-VZ\", \
        \"Geolocation\": {\"Latitude\": ${LAT}, \"Longitude\": ${LON}}}" \
    https://imp.thingspace.verizon.com/api/v2/clients/connection

Windows Command Prompt

curl -X POST -H "Content-Type: application/json" -H "SessionToken: %SESSION_TOKEN%" -H "Authorization: Bearer %ACCESS_TOKEN%" -H "VendorID: %VENDOR_ID%" -d "{\"DeviceID\": \"%DEVICE_ID%\", \"NetworkType\": \"non-VZ\", \"Geolocation\": {\"Latitude\": %LAT%, \"Longitude\": %LON%}}}" https://imp.thingspace.verizon.com/api/v2/clients/connection

PowerShell

Invoke-RestMethod `
    -Method Post `
    -Uri "https://imp.thingspace.verizon.com/api/v2/clients/connection" `
    -Headers @{ `
        "Content-Type" = "application/json"; `
        "SessionToken" = $SESSION_TOKEN; `
        "Authorization" = "Bearer $ACCESS_TOKEN"; `
        "VendorID" = $VENDOR_ID `
    } `
    -Body (@{ `
        DeviceID = $DEVICE_ID; `
        NetworkType = "non-VZ"; `
        Geolocation = @{ `
            Latitude = [double]$LAT; `
            Longitude = [double]$LON `
        } `
    } | ConvertTo-Json)

Notes:

  • Use the SESSION_TOKEN, ACCESS_TOKEN, and DEVICE_ID retrieved from the last steps.
  • Use the VENDOR_ID assigned to your account.
  • The LAT, LON is based on your location.
  • The network type non-VZ is used if not connecting from VZ network.

Successful Response Sample

{
    "MqttURL": "mqtt://imp-atl-1.prod-us-east-1.thingspace.verizon.com:8883"
}

5. Deleting Device

This removes the device ID and certificate from the credential pool.

Bash

curl -X DELETE \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "VendorID: ${VENDOR_ID}" \
    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
    -H "SessionToken: ${SESSION_TOKEN}" \
    "https://imp.thingspace.verizon.com/api/v2/clients/registration?DeviceIDs=${DEVICE_ID}"

Windows Command Prompt

curl -X DELETE -H "Content-Type: application/x-www-form-urlencoded" -H "VendorID: %VENDOR_ID%" -H "Authorization: Bearer %ACCESS_TOKEN%" -H "SessionToken: %SESSION_TOKEN%" "https://imp.thingspace.verizon.com/api/v2/clients/registration?DeviceIDs=%DEVICE_ID%"

PowerShell

Invoke-RestMethod `
    -Method Delete `
    -Uri "https://imp.thingspace.verizon.com/api/v2/clients/registration?DeviceIDs=$DEVICE_ID" `
    -Headers @{ `
        "Content-Type" = "application/x-www-form-urlencoded"; `
        "VendorID" = $VENDOR_ID; `
        "Authorization" = "Bearer $ACCESS_TOKEN"; `
        "SessionToken" = $SESSION_TOKEN `
    }

Notes:

  • Use the SESSION_TOKEN, ACCESS_TOKEN, and DEVICE_ID retrieved from the last steps.
  • Use the VENDOR_ID assigned to your account.

Other Helpful Commands

Check if endpoint is reachable.

nc -vz imp-atl-1.prod-us-east-1.thingspace.verizon.com 8883

Expected Return

Connection to imp-atl-1.prod-us-east-1.thingspace.verizon.com port 8883 [tcp/*] succeeded!

Check if certificates are valid.

openssl s_client -connect imp-atl-1.prod-us-east-1.thingspace.verizon.com port:8883 \                               
  -CAfile ca.crt \
  -cert client.crt \
  -key client.key \
  -verify_return_error \
  -verify 1 \
  -showcerts

Expected Return (on macOS)

verify depth is 1
Connecting to 3.226.205.123
CONNECTED(00000006)
depth=2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
verify return:1
depth=1 C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
verify return:1
depth=0 C=US, ST=Florida, L=Temple Terrace, O=Verizon Data Services LLC, CN=imp-bos-1.prod-us-east-1.thingspace.verizon.com
verify return:1
---
Certificate chain
 0 s:C=US, ST=Florida, L=Temple Terrace, O=Verizon Data Services LLC, CN=imp-bos-1.prod-us-east-1.thingspace.verizon.com
   i:C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
   a:PKEY: RSA, 2048 (bit); sigalg: sha256WithRSAEncryption
   v:NotBefore: Nov 12 00:00:00 2024 GMT; NotAfter: Dec  2 23:59:59 2025 GMT
-----BEGIN CERTIFICATE-----
MIIKfjCCCWagAwIBAgIQDHNDpwxuDj8znqboBGg+UTANBgkqhkiG9w0BAQsFADBZ
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE
aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQx
MTEyMDAwMDAwWhcNMjUxMjAyMjM1OTU5WjCBljELMAkGA1UEBhMCVVMxEDAOBgNV
BAgTB0Zsb3JpZGExFzAVBgNVBAcTDlRlbXBsZSBUZXJyYWNlMSIwIAYDVQQKExlW
ZXJpem9uIERhdGEgU2VydmljZXMgTExDMTgwNgYDVQQDEy9pbXAtYm9zLTEucHJv
ZC11cy1lYXN0LTEudGhpbmdzcGFjZS52ZXJpem9uLmNvbTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAK6PvNrSUb3d5oK50tkf9CX0zJMb8liLDYpxG4lV
WB0pViRZkQUgnIWy/9NceHyst1jUyZDg/zMgUFxJOaFlMu44fjw7BXR6WQfGeo0M
N/u94eu1IIMTLYhcIAcxYI4wa/Q/oA5C3tQSQsYsc7DUoXGBTwzkOHIZdLdSFNsK
Iz6R2z/LxjCKim5kEXxDeRp4QIqoRKJ8wo+Y8yMiLebSmFGWgZ96hdT04CnhCXw/
bGBTFf6ncyRV+iqJkau9rzMriTbEG0QMBteCafZrUyeiLiSi55AtqRX9isLnDVlw
njmDnPA32tGSXHZNJHxCqQCiKL76eLV518Gq6/ks0EAwT70CAwEAAaOCBwIwggb+
MB8GA1UdIwQYMBaAFHSFgMBmx9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBQ/yajG
imCVAczapOUD4zc+wIqa9jCCA5EGA1UdEQSCA4gwggOEgi9pbXAtYm9zLTEucHJv
ZC11cy1lYXN0LTEudGhpbmdzcGFjZS52ZXJpem9uLmNvbYIxaW1wLWF0bC13bDEu
cHJvZC11cy1lYXN0LTEudGhpbmdzcGFjZS52ZXJpem9uLmNvbYIvaW1wLWF0bC0x
LnByb2QtdXMtZWFzdC0xLnRoaW5nc3BhY2UudmVyaXpvbi5jb22CMWltcC1kZnct
d2wxLnByb2QtdXMtZWFzdC0xLnRoaW5nc3BhY2UudmVyaXpvbi5jb22CL2ltcC1k
ZnctMS5wcm9kLXVzLWVhc3QtMS50aGluZ3NwYWNlLnZlcml6b24uY29tgjFpbXAt
ZHR3LXdsMS5wcm9kLXVzLWVhc3QtMS50aGluZ3NwYWNlLnZlcml6b24uY29tgi9p
bXAtZHR3LTEucHJvZC11cy1lYXN0LTEudGhpbmdzcGFjZS52ZXJpem9uLmNvbYIx
aW1wLW1zcC13bDEucHJvZC11cy1lYXN0LTEudGhpbmdzcGFjZS52ZXJpem9uLmNv
bYIvaW1wLW1zcC0xLnByb2QtdXMtZWFzdC0xLnRoaW5nc3BhY2UudmVyaXpvbi5j
b22CMWltcC1ueWMtd2wxLnByb2QtdXMtZWFzdC0xLnRoaW5nc3BhY2UudmVyaXpv
bi5jb22CL2ltcC1ueWMtMS5wcm9kLXVzLWVhc3QtMS50aGluZ3NwYWNlLnZlcml6
b24uY29tgjFpbXAtYm9zLXdsMS5wcm9kLXVzLWVhc3QtMS50aGluZ3NwYWNlLnZl
cml6b24uY29tgjFpbXAtbGF4LXdsMS5wcm9kLXVzLXdlc3QtMi50aGluZ3NwYWNl
LnZlcml6b24uY29tgi9pbXAtbGF4LTEucHJvZC11cy13ZXN0LTIudGhpbmdzcGFj
ZS52ZXJpem9uLmNvbYIxaW1wLXNmby13bDEucHJvZC11cy13ZXN0LTIudGhpbmdz
cGFjZS52ZXJpem9uLmNvbYIvaW1wLXNmby0xLnByb2QtdXMtd2VzdC0yLnRoaW5n
c3BhY2UudmVyaXpvbi5jb22CMWltcC1waHgtd2wxLnByb2QtdXMtd2VzdC0yLnRo
aW5nc3BhY2UudmVyaXpvbi5jb22CL2ltcC1waHgtMS5wcm9kLXVzLXdlc3QtMi50
aGluZ3NwYWNlLnZlcml6b24uY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYI
KwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIGfBgNVHR8EgZcw
gZQwSKBGoESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2Jh
bEcyVExTUlNBU0hBMjU2MjAyMENBMS0xLmNybDBIoEagRIZCaHR0cDovL2NybDQu
ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0Ex
LTEuY3JsMIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
LmRpZ2ljZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNl
cnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0
MAwGA1UdEwEB/wQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB2ABLxTjS9
U3JMhAYZw48/ehP457Vih4icbTAFhOvlhiY6AAABkyKg6VoAAAQDAEcwRQIhAO2k
WAe3ZciU1sQn0tHcCPzuK4KhX6BfYNmIE7h+xbvfAiArIHQXJgwhStMIk7RT5nNq
uk69Twidt68H/skVFQU+JAB1AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0e
N45QAAABkyKg6SAAAAQDAEYwRAIgFzNzReskFb+0NqY15ONwGgX5FqC0nMp5Qs3F
I8SVQNECIBN05NlpYZNO7ZaMX+YIo7IMvuwXY10X0zfdpf7wnnCJAHUAzPsPaoVx
CWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGTIqDpKgAABAMARjBEAiBVyiCE
hv0fpS33BXxvrzFW2l7MtSgTceDopq9mLr4qFQIgEz2iSu/PEUb5t3ACkXHRZIFO
D2JlAA3BEX4k0HFb5vYwDQYJKoZIhvcNAQELBQADggEBAHXAhwBbW6bUlbu6F6yx
j4YH6Hsv7eWgIE7XRT/LjECMA6Hr1iV7sv0Ec8xPYwF+x6YpRDxlmsKuG9lUi5KC
zM2+mscXN4w28QRKTsC05/HmPisXSH8mZpFhkuG0V8DwghmB3zyVUKuvQu86Sx+V
kS4bsoJHmN39vxBa43ylEVcqL9MAMwVZtmvUXxTvbohtG3UlsPf9oygrTL2K22AI
eF36ZGxW3EIx5sGxqV2AOLFNU8NecUTk3sUus2c7AfG/k5W8D1YXA/yte2/TNl7x
TpKqfBOzvqL9iPVJwZWrz+shsuCQsPouGSnnqCHRLzMFh4FhtZiyEEbZlyv/bS/7
ASk=
-----END CERTIFICATE-----
---
Server certificate
subject=C=US, ST=Florida, L=Temple Terrace, O=Verizon Data Services LLC, CN=imp-bos-1.prod-us-east-1.thingspace.verizon.com
issuer=C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
---
Acceptable client certificate CA names
C=US, O=Verizon, OU=ThingSpace, CN=ThingSpace Issuing CA Dev
C=US, O=Verizon, OU=ThingSpace, CN=ThingSpace Root Certificate Authority R2
C=US, ST=NJ, L=Basking Ridge, O=Verizon Wireless, OU=ThingSpace Develop, CN=ThingSpace Root Certificate Authority
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: rsa_pss_rsae_sha256
Peer Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 3839 bytes and written 3548 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: D2964ADD2BFDEEC85EB8D1C21361008C55E5EC08643C37C0156A73A5E7DB237F
    Session-ID-ctx: 
    Resumption PSK: 3E0D7C33CAD3DAC4D6EE0B657FA93B9F1314935C6E582071D2680C3D13CEA02D54D14741F40E855D91A0DCB4840FF38F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
    0000 - 99 3b e2 1f d5 cd ac 0f-d7 cd 04 16 75 cd c3 e6   .;..........u...
    0010 - 26 5f c5 5c 7b 28 fb 47-46 02 b2 5b 19 a1 c4 c7   &_.\{(.GF..[....

    Start Time: 1752712553
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: B11455E5AFBCB862D00528DF410B1530C167AC9451D2D88B94AC64386538C321
    Session-ID-ctx: 
    Resumption PSK: 625678B4DBA5E58134014A38971B8F256E6C0E01758607E74D8FB52A21FBEEA28BE1BD750919A04C9836CD8AB3F289FD
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 600 (seconds)
    TLS session ticket:
    0000 - be 71 b8 0f 49 50 64 d1-d9 62 d7 90 fc f1 0e 64   .q..IPd..b.....d
    0010 - 2b 80 b4 83 51 2c 60 f4-c5 f7 2b a4 69 74 a4 af   +...Q,`...+.it..

    Start Time: 1752712553
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK