Considerations for using quarantine or auto-accept

Hi there Photon users, we are currently ramping up our production and are aligning all the steps required to accept unknow Photon P1 devices in our cloud. We were used to use a claim process where we retrieve the Photon ID from the SoftAP setup. That Photon ID is send to our own server which executes a claim request to the Photon cloud. At that point we discovered we need to accept the device from the particle console by moving it from “quarantine” to “accepted”. That process is not usable for use as we are not continuously available to attend the console. We do collect the Photon IDs from manufacturing and are able to approve the IDs on our server and send out the right API call when the devices gets online.

My questions:

  • what are the risks of auto-accept? Our server only processes the IDs that are known in the system. Is it only the risk that we pay for unwanted devices?
  • can a user spoof the product ID and get in our cloud or are there additional constraints?
  • has the original claim process been dropped in favour of this quarantine process?

Thanks, Sven

If you have a list of Device IDs, the most common scenario is to just add all of the Device ID at the time of manufacture. When ordering in tray and reel quantities, you should be emailed a list of Device IDs specifically for that purpose.

what are the risks of auto-accept? Our server only processes the IDs that are known in the system. Is it only the risk that we pay for unwanted devices?

That is correct, if you are further validating against the list of known device IDs in your code.

can a user spoof the product ID and get in our cloud or are there additional constraints?

Yes, that’s why we don’t recommend auto-approve and instead recommend uploading the list of known device IDs first. All the user needs to do is flash firmware containing the PRODUCT_ID macro with your product ID, which is a short, sequentially defined number, to join your product if auto-approve is enabled.

has the original claim process been dropped in favour of this quarantine process?

There are two different things going on here.

Claiming associates a device with a user account, for developer devices. For product devices, claiming can also associate the device with a team member developer account or customer account, and also with that specific product.

Being a member of a product is determined by having the device ID added to the product, which can occur early, and in bulk (recommended), by request (quarantine), or automatically (auto-accept).

This is separate from claiming as a device can be a member of a product while being claimed to a single account (common for cellular), a team member (development device in a product), customer account (two-legged or simple auth), or unclaimed (with some restrictions).

Rickkas7, thanks a lot for your fast response. I will share this information with my team members and make a decision on the way forward.
Sven

I do have an additional question: we can supply the Photon IDs in bulk via the particle console, but I am afraid that I start to pay for monthly fees even when the Photon are still in stock and not in production. Is that true when I bulk upload them?
Thanks, Sven

1 Like