Security services APIs

The u-blox IoT Security-as-a-Service APIs provide allows you to completely manage security services using your preferred platform or User Interface

The REST APIs are defined and fully documented in the separate on-line documentation available at The swagger (YAML) specification file can be downloaded from the same webpage.

REST APIs security

The APIs are secured using an API key and secret which can be generated on the u-blox Thingstream services portal. The secret is used to generate an authorization header, which is used to authorize the requests made to u-blox.

For further details on how to generate the authorization header, see the swagger documentation at

Accessing the REST APIs

To use the services API, you must first subscribe to an account for the u-blox Thingstream, which is the service and account management platform for IoT Security-as-a-Service. You can select between:

  • Basic account: an IoT Security‑as‑a-Service free-of-charge account restricted to up to ten active devices

  • Enterprise or Pro account: for more than 10 active devices; this is required to enable the commercial version and to access to advanced features

Once the access to the APIs has been granted, you will be able to view and manage the IoT Security-as-a-Service attributes of your devices.

Precautions when using a private network

To ensure the security services processes will work, when using a private network (private APN) you must first check that your devices can reach the u-blox security service.

In particular, check that the module is able to connect to the domain

If the module cannot reach the domain, the IPv4/IPv6 addresses may need to be whitelisted on the private APN server in order to allow the connection to be made.