Template Download & Provision Token
When you download a device template from Dashboard, IoTBackend prepares a device-specific PlatformIO project archive for that device.
What happens during download
When a template download is requested:
- IoTBackend selects the correct board or board-variant template.
- The template is copied to a temporary working directory.
- A new one-time provisioning token is generated for the device.
- The prepared project is packed into a ZIP archive and returned for download.
This means a template download is not only a file download. It also generates fresh device-specific configuration.
What the downloaded template contains
The generated template includes device-specific values embedded into device_config.h:
- device UID
- platform key
- MQTT host
- MQTT port
- device MQTT username
- device MQTT password
- OTA base URL
- API host
- one-time provisioning token
These values allow the firmware to identify itself correctly and complete first-time bootstrap.
What the provisioning token is for
The provisioning token is a one-time bootstrap secret used by the device during the initial registration / setup flow.
Its purpose is to let a freshly flashed device prove that it belongs to the device record created in Dashboard.
After use, the token is no longer valid.
Why a new token is generated on download
A fresh token is generated on template download, so the ZIP contains a current one-time token instead of an old or already-used one.
This reduces the chance of flashing firmware with stale bootstrap credentials.
If you regenerate the provisioning token later from the device page, the old token embedded in your existing local device_config.h becomes outdated.
Before rebuilding and flashing firmware again, replace the token value in device_config.h with the newly generated one.
Otherwise the device may try to bootstrap with an invalid or already-rotated token.
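The token lifecycle described in the two sections above (single use, and regeneration invalidating the copy in an older device_config.h), shown as an added Python example. It is not IoTBackend's code; the class, method names, in-memory store and device UIDs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ProvisioningTokens:
    """In-memory model of one-time bootstrap tokens, keyed by device UID."""

    def __init__(self):
        # Only a SHA-256 digest of the current token is kept per device,
        # so reading the store does not reveal a usable token.
        self._pending = {}

    @staticmethod
    def _digest(token: str) -> bytes:
        return hashlib.sha256(token.encode("utf-8")).digest()

    def issue(self, device_uid: str) -> str:
        """Generate a fresh token; any earlier token for the device is replaced."""
        token = secrets.token_urlsafe(32)
        self._pending[device_uid] = self._digest(token)
        return token

    def redeem(self, device_uid: str, presented: str) -> bool:
        """Accept the token once, and only for the device it was issued to."""
        expected = self._pending.get(device_uid)
        if expected is None:
            return False  # never issued, or already used
        if not hmac.compare_digest(expected, self._digest(presented)):
            return False  # stale (rotated) or another device's token
        del self._pending[device_uid]  # single use: consume on success
        return True


def demo() -> dict:
    store = ProvisioningTokens()
    old = store.issue("dev-A")    # constructed UID; token as embedded in a ZIP
    new = store.issue("dev-A")    # token regenerated later from the device page
    other = store.issue("dev-B")  # token belonging to a different device
    return {
        "stale_rejected": not store.redeem("dev-A", old),
        "cross_device_rejected": not store.redeem("dev-A", other),
        "fresh_accepted": store.redeem("dev-A", new),
        "replay_rejected": not store.redeem("dev-A", new),
    }


if __name__ == "__main__":
    print(demo())
```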
device_config.h and the generated template
The downloaded ZIP contains a rendered include/device_config.h file.
The generated file gives the firmware the values it needs to:
- connect to the correct MQTT broker
- identify itself with the correct UID
- authenticate using per-device MQTT credentials
- contact the correct API/OTA endpoints
- complete first bootstrap using the embedded token
Security notes
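- Do not share downloaded device templates publicly. The embedded device_config.h contains the device MQTT password and the one-time provisioning token.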
- Do not reuse a provisioning token between devices.
- If you suspect a token was exposed, generate a fresh one from the device page.
- Device MQTT credentials are per-device and should not be copied to other devices.
Related flows
- Template download is the preferred path when preparing a new device.
- Regenerate token only is useful when you need a fresh one-time token without downloading the ZIP again.