API docs by Redocly

Message Routing REST API (v1)

Download OpenAPI specification:Download

Using the Message routing API

Managing webhook Destinations

Receiving messages

Triggering message forwarding

  • Send a device message from a device to initiate message forwarding.
  • Await messages at your registered webhook Destination shortly after sending the device message.
  • Messages arrive in batches to your configured webhook Destination.
  • Messages from MQTT topics prefixed with $ENV/$TEAM_ID/m are forwarded, with the exception of messages sent to $ENV/$TEAM_ID/m/d/$DEVICE_ID/d2c/bin.

Security and SSL verification

  • Verifying requests: Use the x-nrfcloud-signature header to verify incoming requests. This signature is an HMAC hex digest of the request payload, hashed using your provided secret. Employ constant-time string comparisons to mitigate timing attacks.
  • SSL verification: SSL verification is standard for payload delivery unless you disable it using the verifySsl property in your webhook configuration.

Handling errors

  • Non-2xx responses from your Destination webhook are logged as errors. Access the errors property of the Destination to review the five most recent errors within the past 30 days.

Access control

  • Full Destination management is limited to Admin and Owner roles. Destination viewing is allowed for Editor and Viewer roles.

Webhook server example

Below is an example of a simple Node.js server that receives webhook requests, verifies the x-nrfcloud-signature header, and responds with a status code of 200 along with the x-nrfcloud-team-id header. This example uses Express, a popular web framework for Node.js, and the crypto module for signature verification. 

const express = require('express');
const bodyParser = require('body-parser');
const crypto = require('crypto');

const app = express();
const port = 3000;

// Replace this with your actual secret key
const secretKey = 'yourSecretKey';

app.use(bodyParser.json());

// Verify nRF Cloud signature
const verifySignature = (req) => {
    const signature = req.headers['x-nrfcloud-signature'];
    const body = JSON.stringify(req.body);

    // Create HMAC hex digest
    const hmac = crypto.createHmac('sha256', secretKey);
    hmac.update(body, 'utf8');
    const digest = hmac.digest('hex');

    return digest === signature;
};

app.post('/webhook', (req, res) => {
    if (verifySignature(req)) {
        // Your logic here - process the request
        
        // Respond with 200 OK and x-nrfcloud-team-id header
        res.set('x-nrfcloud-team-id', 'yourTeamId');
        res.status(200).send('Webhook received successfully.');
    } else {
        res.status(401).send('Invalid signature.');
    }
});

app.listen(port, () => {
    console.log(`Webhook receiver running on port ${port}`);
});

Destination

ListDestinations

Returns a list of all Destinations registered to your team.

Authorizations:
ApiKey

Responses

Response samples

Content type
application/json
[
  • {
    }
]

CreateDestination

Registers a new Destination to forward device messages from nRF Cloud.

During the request, the service verifies your provided Destination. Before creating a new Destination, ensure your server responds appropriately. nRF Cloud needs to verify that you own this endpoint and that it is ready to start receiving data. The service sends a POST request to the URL endpoint you provided. Your endpoint should respond with a 2xx status code and the header x-nrfcloud-team-id with your team ID. If the verification process fails, the request responds with a 400 status code and the Destination is not registered.

Authorizations:
ApiKey
Request Body schema: application/json
required
name
required
string non-empty
required
object (HttpConfiguration)
isEnabled
required
boolean

If true, the Destination is enabled and will forward messages. If false, the Destination is disabled and will not forward messages.

dlqNotificationEmails
Array of strings (Email) [^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2...]

The email address to which DLQ notifications are sent.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "config": {
    },
  • "isEnabled": true,
  • "dlqNotificationEmails": [
    ]
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "createdAt": "string",
  • "name": "string",
  • "config": {
    },
  • "isEnabled": true,
  • "errors": [
    ],
  • "dlqSize": 0,
  • "dlqNotificationEmails": [
    ]
}

VerifyDestination

Sends a verification message to your Destination for testing purposes.

Authorizations:
ApiKey
path Parameters
required
Nominal-string-.Uuid.- (string) <uuid> = 36 characters ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3...
Examples: a5592ec1-18ae-4d9d-bc44-1d9bd927bbe9

Universally unique identifier

Responses

Response samples

Content type
application/json
{
  • "destination_response": {
    }
}

UpdateDestination

Modifies an existing Destination to forward device messages from nRF Cloud. If you alter the Destination URL, re-verification is required. See Create a new Destination for more information about verification.

Authorizations:
ApiKey
path Parameters
required
Nominal-string-.Uuid.- (string) <uuid> = 36 characters ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3...
Examples: a5592ec1-18ae-4d9d-bc44-1d9bd927bbe9

Universally unique identifier

Request Body schema: application/json
required
name
string non-empty
isEnabled
boolean

If true, the Destination is enabled and will forward messages. If false, the Destination is disabled and will not forward messages.

dlqNotificationEmails
Array of strings (Email) [^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2...]

The email address to which DLQ notifications are sent.

object

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "isEnabled": true,
  • "dlqNotificationEmails": [
    ],
  • "config": {
    }
}

Response samples

Content type
application/json
{
  • "id": "string",
  • "createdAt": "string",
  • "name": "string",
  • "config": {
    },
  • "isEnabled": true,
  • "errors": [
    ],
  • "dlqSize": 0,
  • "dlqNotificationEmails": [
    ]
}

DeleteDestination

Removes a Destination from your team.

Authorizations:
ApiKey
path Parameters
required
Nominal-string-.Uuid.- (string) <uuid> = 36 characters ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3...
Examples: a5592ec1-18ae-4d9d-bc44-1d9bd927bbe9

Universally unique identifier

Responses

DLQ

ListDLQItems

List the items in the Dead-Letter Queue (DLQ) for a Destination.

Authorizations:
ApiKey
path Parameters
required
Nominal-string-.Uuid.- (string) <uuid> = 36 characters ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3...
Examples: a5592ec1-18ae-4d9d-bc44-1d9bd927bbe9

Universally unique identifier

query Parameters
pageLimit
number (PageLimit)
Examples:
  • pageLimit=100 -
pageNextToken
string (PageToken) [ 1 .. 256 ] characters ^[^\s]{1,256}$
Examples:
  • pageNextToken=def456eubdkw9038kdd93l -

Token used to retrieve the next page of items in the list. Present in a response only if the total available results exceeds the specified limit on a page. This token does not change between requests. When supplying as a request parameter, use URL-encoding.

Responses

Response samples

Content type
application/json
{
  • "items": [
    ],
  • "total": 10,
  • "pageNextToken": "4bb1f9ab35bd"
}

DeleteDLQItems

Delete every item in the DLQ for a Destination.

Authorizations:
ApiKey
path Parameters
required
Nominal-string-.Uuid.- (string) <uuid> = 36 characters ^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3...
Examples: a5592ec1-18ae-4d9d-bc44-1d9bd927bbe9

Universally unique identifier

Responses