Jump toSuggest an edit


Reviewed on 06 May 2024Published on 31 August 2021


A device is any system able to connect to an IoT Hub. It could be a connected device or a piece of software running on a computer, for example.


  • publish and subscribe to topics to exchange messages.
  • can be enabled or disabled at any time. Disabling a Device will disconnect it and prevent reconnection.
  • can be reassigned to another Hub using the Change Hub feature.

Device names cannot be changed after the Device has been added. The description field can be changed at any time.


An MQTT Webclient is available in the console to publish and receive messages. Follow the procedure on this tutorial.

Connection security

For each Device, you can choose whether to allow or deny insecure connections.


We recommend that you use mutual-TLS connections to exchange messages between the Hub and Devices.

There are three connection options available:

  • Mutually authenticated TLS (secure) - uses certificates to authenticate, and the connection is encrypted.
  • “Regular” TLS (insecure) - is authenticated only at server level. Your Device needs to authenticate with its Device identifier.
  • Plaintext (insecure) - has the same conditions as “Regular” TLS, but the connection is not encrypted.

When you deny insecure connections, mutual-TLS is the only connection option for the Device.

When you allow insecure connections, all three options are available for the Device.


Device authentication ensures that only authorized Devices can connect to a Hub. A Device can authenticate itself to a Hub in 2 ways:

  • with a certificate, the certificate can be either signed by the Hub certificate authority or associated with the Device.
  • with the MQTT username, matched to a Device ID (device is configured to allow insecure connections).

Using a certificate is only possible when connecting with mutual TLS authentication.

Device certificates

A Device certificate is a way for a Device to authenticate to its Hub.

For your convenience, your Hub’s certificate authority is Scaleway-generated. Your IoT Hub will issue a Scaleway-generated device certificate when you add a new Device.

If you want to provide your own certificate, you can upload a certificate to associate it with a Device.

Whether your Device certificate is Scaleway-generated or customer-provided, the Device can connect to your Hub using it even if the certificate is not signed by the Hub certificate authority.

The Device certificate can be renewed and replaced in the Device overview tab of the console.


When you renew or replace the certificate for a Device, it will be disconnected and will need a new certificate to reconnect.


If you changed the Hub certificate authority, the Device certificate renewal feature becomes permanently disabled. You will no longer be able to use a Scaleway-generated certificate for the Device in question.

Message filters

Message filtering restricts the topics a Device can publish and subscribe to.

For both publish and subscribe operations you can choose a policy and a topic list. The policy instructs the filter to either accept the topics in the list (and hence reject all others) or to reject the topics in the list (and hence allow all others).

Filtered messages are then dropped, and a Hub Event is generated. Filtered subscriptions will be rejected at subscription time.

Message filters can be set up in the Device messages tab of the console.


You can use wildcards in the topic list.


Filters can also be applied to last will messages.

Message filters template


The Message filters template feature is currently in beta.

Message filters accept templating: the Hub and Device metadata can be used in the filter. This allows the use of the same filter on multiple devices. This way, topics can be filtered depending on the connected device.

The following elements are available:

  • The Hub’s name
  • The Hub’s ID
  • The name of the device
  • The device ID

To use these elements in your message filters, use double curly brackets around the element you want to use. For example:

/{{ }}/{{ }}/#

Will build the following filter when the Hub is named MyHub and the Device MyDevice:


Issues when parsing the template will be reported through Hub events as warnings. In this case, the filter can be dropped from the list.

Multiple connections

By default, your Devices can issue only one connection to the Hub at a time. When a second connection is issued, the first one is disconnected. You can change this by allowing multiple connections for a Device.


Each simultaneous connection to your Hub must have a different MQTT Client ID. If you leave this field empty, the Hub will generate one for you automatically.

You can enable or disable multiple connections for a Device on the Device overview tab of the console.


This feature is only available for the dedicated and high-availability plans.


Devices generate two usage metrics:

  • Message count: tells you how many messages the Device has sent and received. Any MQTT message, whether it is a data or a control message, is counted as a Hub message.
  • Device activity: tells you whether the Device was seen connected to the Hub during the time range.

All metrics are provided within 5 available ranges:

  • last 60 minutes: 1 per minute
  • last 24 hours: 1 per hour
  • last 7 days: 1 per 4 hours
  • last 30 days: 1 per day
  • last 365 days: 1 per month

The message count metric is available in the Device messages tab of the console. The Device activity metric is available in the Device overview tab.

Limits and quotas

Maximum number of Devices per Hub - Shared plan10k
Maximum number of Devices per Hub - Dedicated plan10k
Maximum number of Devices per Hub - HA plan10k
Docs APIScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCarreer
© 2023-2024 – Scaleway