Gateway Connection

When using a mobile app (gateway), once the user logs in to the system, the application receives a JWT token that is used for each API call to BioT cloud. The log in must be done using the owner's credentials for the Gateway to be able to communicate with BioT.

See Login to BioT for information on how to obtain and maintain the JWT token.

Getting Temporary Credentials

When using a mobile app, we assume that there is a logged-in user, e.g. patient, caregiver.
The mobile app receives temporary credentials by calling Get temporary credentials for device API.

For a successful call, the response holds the device access credentials to the BioT MQTT broker and its endpoint URL (Note that this is the IoT endpoint, and not the BioT API endpoint).

For example:

  "endpoint": "string",
  "credentials": {
    "accessKeyId": "string",
    "secretAccessKey": "string",
    "sessionToken": "string",
    "expiration": "2022-07-28T14:23:22.153Z"
  "connectionClientId": "string"


  • Endpoint is response.endpoint
  • AccessKey is response.credentials.accessKeyId
  • SecretKey is response.credentials.secretAccessKey
  • Expiration time for the credentials is response.credentials.expiration

To refresh the temporary credentials before expiration, re-call the same API.