Skip to main content

Device Provisioning

Zero-touch device onboarding for EdgeFlow SaaS. Register devices with one-time provisioning codes, auto-discover hardware info, and obtain API credentials.

Overview

Device provisioning is the process of registering an EdgeFlow device with the SaaS cloud platform. Once provisioned, the device receives a unique Device ID and API Key that it uses for all subsequent cloud communication.

EdgeFlow supports two provisioning methods: auto-provisioning with a one-time code, or pre-provisioned credentials set by an administrator.

Auto-Provisioning (Recommended)

The recommended approach uses a one-time provisioning code generated from the SaaS dashboard. The device uses this code to register itself automatically.

Step 1: Generate a Provisioning Code

In the SaaS dashboard, navigate to Devices → Add Device and generate a provisioning code.

Step 2: Configure the Device

Set the provisioning code as an environment variable on the device:

# /etc/edgeflow/.env
EDGEFLOW_SAAS_ENABLED=true
EDGEFLOW_SAAS_URL=saas.edgx.cloud:443
EDGEFLOW_PROVISIONING_CODE=PROV-A1B2-C3D4

Step 3: Start EdgeFlow

When EdgeFlow starts, the provisioning client automatically:

  1. Collects hardware information (board model, CPU, RAM, OS)
  2. Collects network information (hostname, IP, MAC address)
  3. Sends a registration request to the cloud
  4. Receives and stores the Device ID and API Key
  5. Connects to the cloud via WebSocket tunnel

Step 4: Verify

Check provisioning status via the local API:

curl http://localhost:8080/api/v1/saas/status

# Response:
{
  "connected": true,
  "device_id": "dev_abc123xyz",
  "status": "online",
  "last_heartbeat": "2026-02-21T12:00:00Z"
}

Pre-Provisioned Credentials

If you already have a Device ID and API Key (created by an admin in the SaaS dashboard), you can skip auto-provisioning and provide credentials directly: 

EDGEFLOW_SAAS_ENABLED=true
EDGEFLOW_SAAS_URL=saas.edgx.cloud:443
EDGEFLOW_DEVICE_ID=dev_abc123xyz
EDGEFLOW_API_KEY=efk_your_api_key_here

Hardware Info Collected

During provisioning, the device automatically reports the following hardware information:

Field Source Example
Board Model /proc/device-tree/model Raspberry Pi 4 Model B Rev 1.4
CPU Cores runtime.NumCPU() 4
RAM runtime.MemStats 4096 MB
OS runtime.GOOS linux
Architecture runtime.GOARCH arm64
Kernel uname -r 6.1.0-rpi7-rpi-2712

Network Info Collected

Field Example
Hostname edgeflow-pi-001
IP Address 192.168.1.100
MAC Address dc:a6:32:xx:xx:xx
Connection Type ethernet / wifi

Provisioning API

You can also trigger provisioning programmatically via the local REST API:

# Trigger provisioning with a code
curl -X POST http://localhost:8080/api/v1/saas/provision \
  -H "Content-Type: application/json" \
  -d '{"provisioning_code": "PROV-A1B2-C3D4"}'

# Response:
{
  "device_id": "dev_abc123xyz",
  "api_key": "efk_...",       # Only shown once!
  "expires_at": "2027-02-21T00:00:00Z"
}

Important

The API Key is only returned once during provisioning. Store it securely. If lost, you must re-provision the device with a new code.

Security

  • Provisioning codes are single-use and expire after a configurable TTL
  • API Keys use the efk_ prefix and are stored as SHA256 hashes on the cloud
  • Credentials are encrypted at rest on the device using AES-256-GCM
  • All provisioning traffic uses TLS encryption