Last modified: Jun 20, 2019 @ 11:34

The LwM2M Bootstrap Server provides a way for LwM2M Devices to be provisioned with information needed to connect to an LwM2M Gateway. This process is referred to as bootstrapping.

The order of device provisioning in BSS and DDM has no effect in the device provisioning flow.

A device can be provisioned,

First on DDM, then on BSS


First on BSS, then on DDM

The current implementation of the LwM2M Bootstrap Server provides a secure bootstrap address using Pre-Shared Key (PSK).

Before a device can utilize the LwM2M Bootstrap Server, the device must first be known to the bootstrap server. This is accomplished by binding the device Endpoint Name to the bootstrap server.

A user can create a device binding by using the bootstrap server API. When a device binding has been created it is stored in the bootstrap server device binding database. In order to create a device binding, the user must know the following:

  • The Endpoint Name for the device.
  • The security mode used by the device.
  • Any security credentials that may be required.

The device Endpoint Name is used to identify the device on the LwM2M server. It is recommended that the device name be universally unique. If a user attempts to use a device Endpoint Name that is already in use the attempt will fail.

The security mode in the device binding defines which UDP payload security mode will be used when communicating with the LwM2M Gateway. Currently Pre-Shared Key is supported in this solution.

API Authentication

Before using the LwM2M Bootstrap server API, the user must first be granted an API key from the LwM2M Bootstrap Server service provider. This key must be provided in the X-API-Key header of all API calls.

The following  users are involved in the device authentication process:

  • The Manufacturer of the Device
  • The Service Provider

Below are the different steps in the device authentication process listed. Each step states which user performs which task:

1. The Device Manufacturer provisions the following device details  in the Bootstrap Server: Device Endpoint Name, PSK ID and PSK for the Bootstrap Server.

2. The Service Provider registers the following device details in DDM: Device Endpoint Name, PSK ID and PSK for the LwM2M Gateway.

3. The LwM2M Gateway is updated with the following device details: PSK ID and  PSK for the LwM2M Gateway.

4. The Bootstrap Server is updated with the following device details: PSK, PSK ID, and URL for the LwM2M Gateway.

5. The Device is turned ON.
Note: This requires the device being factory provisioned with the PSK, PSK ID, and URL for the Bootstrap Server.

6. The Device is successfully authenticated.
The Bootstrap Server has checked the information sent by the Device, the PSK and PSK ID for the Bootstrap Server. Since correct information received, the Bootstrap Server responds with sending the PSK, PSK ID and URL for the LwM2M Gateway, to the Device. Authentication is done.

7. The Device registers to the LwM2M Gateway by using the PSK and the PSK ID for the LwM2M Gateway.

The illustration below shows the device authentication process:

Admin API for Bootstrap Server

The Swagger tool is helpful for understanding and using the Admin API for the Bootstrap Server. The URL to the Swagger page is provided by your Service Provider.

When accesing the Swagger page for the Admin API, users must authorize their X-API-Key. This is done the following way:

1. Click the Authorize button and enter the X-API-Key in the Value: text box.

2. Press the green Authorize button.

3. Once authorized, press the Done button.