Using nRF Cloud with the nRF Connect SDK

nRF Cloud is Nordic Semiconductor’s IoT cloud platform that offers services in the fields of connectivity, device management, and location services.

Overview

nRF Cloud allows you to remotely manage and update your IoT devices using Firmware Over-the-Air (FOTA). FOTA can be used to update the device application, bootloader, and modem. The modem can be incrementally updated with a modem delta image. If the device has sufficiently large external flash storage, the modem can be entirely updated with a full modem image.

nRF Cloud also helps your devices determine their locations using GNSS. It uses both assisted GNSS (A-GNSS) and predicted GPS (P-GPS). It can also determine device location from cellular and Wi-Fi network information sent by the device.

Additionally, nRF Cloud allows devices to report data to the cloud for collection and analysis later. To read more about nRF Cloud, see the nRF Cloud website and the nRF Cloud documentation.

You can use the services offered by nRF Cloud in the following scenarios:

  • Device connected to nRF Cloud over CoAP. The services can be used from nRF Cloud.

  • Device connected to nRF Cloud over MQTT. The services can be used from nRF Cloud.

  • Device connected to nRF Cloud over MQTT, with a customer-developed website or application that interacts with the nRF Cloud REST API to display device data and manage it in a customized way.

  • Device connected to nRF Cloud over REST, interacting using the nRF Cloud REST API.

  • Device connected to a customer cloud service in a suitable manner. The services can be used from the customer cloud service that communicates over REST to the nRF Cloud REST API in a proxy configuration.

Choosing a protocol: CoAP, MQTT or REST

When choosing a protocol, consider the following:

  • How often does the device transmit data?

  • Which cloud APIs does the device need to access?

  • What are the power consumption requirements for the device?

  • What are the network data usage requirements for the device?

  • What are the carrier’s network settings (NAT timeout, eDRX/PSM) and how will the settings affect device behavior?

MQTT has a higher connection setup cost, in both data and power, than CoAP or REST. However, the data size of an MQTT publish event is smaller than that of a comparable REST transaction. The data size of a CoAP transfer can be the smallest of all. MQTT may be preferred if a device is able to maintain a connection to the broker and sends or receives data frequently. REST may be preferred if a device sends data infrequently or does not need to receive unsolicited data from the cloud. CoAP may be preferred if a device sends data infrequently, does not need to receive unsolicited data from the cloud, and must use the least amount of cellular data and the least amount of power.

CoAP overview

  • The device initiates a DTLS connection to nRF Cloud.

  • nRF Cloud supports DTLS 1.2 Connection ID in order to keep the UDP connection open and usable for a long time, regardless of any NAT translation changes between the device and cloud.

  • For authentication, the device must send a JSON Web Token (JWT) with the initial connection. The JWT is approximately 450 bytes.

  • Each CoAP transaction contains a CoAP header and API-specific payload.

REST overview

  • The device initiates a TLS connection to nRF Cloud.

  • nRF Cloud supports a connection keep-alive/idle time of 60 seconds for REST API sockets.

  • For authentication, the device must send a JSON Web Token (JWT) with each REST transaction. The JWT is approximately 450 bytes, but can be larger depending on the claims.

  • Each REST transaction contains HTTP headers, including the JWT, and any API-specific payload.

MQTT overview

  • The device initiates a mutual-TLS (mTLS) connection to the nRF Cloud MQTT broker.

  • The MQTT keep-alive time can be set by the device and can be longer than 60 seconds.

  • Device authentication through mTLS lasts throughout the MQTT connection.

  • Once connected, the device subscribes to the desired MQTT topics.

  • Each MQTT publish event contains the MQTT topic and the payload.

Security

A device can successfully connect to nRF Cloud using CoAP or REST if the following requirements are met:

  • The device contains a correct X.509 CA certificate and private key.

  • The public key derived from the private key is registered with an nRF Cloud account. The device will be visible in the nRF Cloud portal, including location service data and sensor data, if the public key is also associated with the same nRF Cloud account.

  • When using REST, the device calls nRF Cloud REST APIs and provides a JSON Web Token (JWT) signed by the private key.

  • When using CoAP, the device calls the nRF Cloud CoAP connect function, which generates and sends the JWT automatically. After that, calls to the CoAP service APIs do not transmit the JWT again but rely on the DTLS Connection ID to maintain a connection for long periods of time.
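The key relationship behind these requirements, shown as an added example in Go (not code from the nRF Connect SDK or nRF Cloud): the device signs a JWT with its private key, and the verifier accepts it only if the signature checks out against the public key registered for that device. The ES256 algorithm, the claim names, and the function names `NewDeviceKey`, `SignJWT` and `VerifyJWT` are assumptions made for this illustration.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
// NewDeviceKey stands in for the key pair provisioned on the device (constructed here).
func NewDeviceKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// SignJWT is the device side: header.payload signed with the device private key.
func SignJWT(key *ecdsa.PrivateKey, claims string) (string, error) {
	in := b64.EncodeToString([]byte(`{"alg":"ES256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	h := sha256.Sum256([]byte(in))
	r, s, err := ecdsa.Sign(rand.Reader, key, h[:])
	if err != nil {
		return "", err
	}
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // fixed-width r || s
	return in + "." + b64.EncodeToString(sig), nil
}

// VerifyJWT is the verifier side: true only for a token signed by the registered key.
func VerifyJWT(registered *ecdsa.PublicKey, token string) bool {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return false
	}
	raw, e1 := b64.DecodeString(p[0])
	sig, e2 := b64.DecodeString(p[2])
	var hdr struct{ Alg string `json:"alg"` }
	if e1 != nil || e2 != nil || len(sig) != 64 || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "ES256" {
		return false // pin the algorithm: "none" and algorithm swaps are rejected
	}
	h := sha256.Sum256([]byte(p[0] + "." + p[1]))
	return ecdsa.Verify(registered, h[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:]))
}

func main() {
	dev, _ := NewDeviceKey()
	tok, _ := SignJWT(dev, `{"sub":"example-device","exp":1700000000}`) // constructed claims
	fmt.Println(tok, VerifyJWT(&dev.PublicKey, tok))
}
```

A production verifier would also check the claims, such as expiry and the device identity, after the signature check passes.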

A device can successfully connect to nRF Cloud using MQTT if the following requirements are met:

  • The device contains a correct X.509 CA certificate, device certificate, and private key.

  • The device ID and device certificate are provisioned with nRF Cloud.

  • The device ID is associated with an nRF Cloud account.

nRF Cloud supports the following two ways for creating and installing these certificates both in the device and the cloud:

nRF Connect SDK library support

The nRF Connect SDK provides the nRF Cloud library, which, if enabled, allows you to connect your devices to nRF Cloud and use the update, location, and connectivity services using MQTT or REST.

For more information on the various services, see the following documentation:

Applications and samples

The following application uses nRF Cloud services in the nRF Connect SDK:

The following sample demonstrates nRF Cloud-specific functionality using CoAP:

The following sample demonstrates nRF Cloud-specific functionality using MQTT:

The following samples demonstrate nRF Cloud-specific functionality using REST:

Other related samples and applications that use nRF Cloud services: