Security Services


Security Services protect your data at rest and in transit by leveraging the root of trust of your u-blox SARA-R4 or SARA-R5 module . Through u-blox Thingstream, you can generate access keys to securely declare your ownership of the modules and establish the root of trust through which you can manage (enable, disable, configure, get usage, etc..) all of the features provided in Security Services including:

  • A unique Swiss-made Key Management System (KMS) which allows you to generate an infinite number of crypto keys on-the-fly to protect a single in-transit message. A perfect solution for those scenarios that require frequent secure transmission of small payloads.

  • A ready-to-use, bi-directional solution to transmit encrypted data from device to cloud and vice versa ensuring confidentiality, authenticity and integrity

  • Complete device control

    • Simplified device certificate provisioning with a real zero-touch provisioning (ZTP) solution that works with major cloud service providers such as AWS, Microsoft Azure and Google

    • Leverage the the hardware root of trust to protect data at rest and secure chip to chip communication e.g. MCU to modem, against device tampering, sniffing, brute-force attacks and counterfeiting

The Security Services APIs themselves are designed to use standard HTTPS protocol and return JSON payloads in response to HTTPS requests, and are implemented based on the RESTful principles.

Generating Access Keys

In order to start using Security Services, you'll need to generate an access key and secret pair to install on your module. You can do this by going to the Access Keys page under Security Services and clicking on the "Generate Keys" button.

Related Information

Security Services API documentation

Still need help?

If you need more help or have any questions, please send an email to

Once you have generated your key and secret, make sure you save them somewhere safe as the secret cannot be recovered after you leave the page.

You can now use the key and secret pair to configure your modem, ready to use the Security Services APIs.