2026/02/06 - Managed integrations for AWS IoT Device Management - 9 updated api methods
Changes Adding support for Custom(General) Authorization in managed integrations for AWS IoT Device Management cloud connectors.
{'GeneralAuthorization': {'AuthMaterialName': 'string'}}
Creates a new account association via the destination id.
See also: AWS API Documentation
Request Syntax
client.create_account_association(
ClientToken='string',
ConnectorDestinationId='string',
Name='string',
Description='string',
Tags={
'string': 'string'
},
GeneralAuthorization={
'AuthMaterialName': 'string'
}
)
string
An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.
This field is autopopulated if not provided.
string
[REQUIRED]
The identifier of the connector destination.
string
The name of the destination for the new account association.
string
A description of the account association request.
dict
A set of key/value pairs that are used to manage the account association.
(string) --
(string) --
dict
The General Authorization reference by authorization material name.
AuthMaterialName (string) --
The name of the authorization material.
dict
Response Syntax
{
'OAuthAuthorizationUrl': 'string',
'AccountAssociationId': 'string',
'AssociationState': 'ASSOCIATION_IN_PROGRESS'|'ASSOCIATION_FAILED'|'ASSOCIATION_SUCCEEDED'|'ASSOCIATION_DELETING'|'REFRESH_TOKEN_EXPIRED',
'Arn': 'string'
}
Response Structure
(dict) --
OAuthAuthorizationUrl (string) --
Third-party IoT platform OAuth authorization server URL backed with all the required parameters to perform end-user authentication. This field will be empty when using General Authorization flows that do not require OAuth.
AccountAssociationId (string) --
The identifier for the account association request.
AssociationState (string) --
The current state of the account association request.
Arn (string) --
The Amazon Resource Name (ARN) of the account association.
{'AuthConfig': {'GeneralAuthorization': [{'AuthMaterialName': 'string',
'SecretsManager': {'arn': 'string',
'versionId': 'string'}}]}}
Create a connector destination for connecting a cloud-to-cloud (C2C) connector to the customer's Amazon Web Services account.
See also: AWS API Documentation
Request Syntax
client.create_connector_destination(
Name='string',
Description='string',
CloudConnectorId='string',
AuthType='OAUTH',
AuthConfig={
'oAuth': {
'authUrl': 'string',
'tokenUrl': 'string',
'scope': 'string',
'tokenEndpointAuthenticationScheme': 'HTTP_BASIC'|'REQUEST_BODY_CREDENTIALS',
'oAuthCompleteRedirectUrl': 'string',
'proactiveRefreshTokenRenewal': {
'enabled': True|False,
'DaysBeforeRenewal': 123
}
},
'GeneralAuthorization': [
{
'SecretsManager': {
'arn': 'string',
'versionId': 'string'
},
'AuthMaterialName': 'string'
},
]
},
SecretsManager={
'arn': 'string',
'versionId': 'string'
},
ClientToken='string'
)
string
The display name of the connector destination.
string
A description of the connector destination.
string
[REQUIRED]
The identifier of the C2C connector.
string
The authentication type used for the connector destination, which determines how credentials and access are managed.
dict
[REQUIRED]
The authentication configuration details for the connector destination, including OAuth settings and other authentication parameters.
oAuth (dict) --
The OAuth configuration settings used for authentication with the third-party service.
authUrl (string) -- [REQUIRED]
The authorization URL for the OAuth service, where users are directed to authenticate and authorize access.
tokenUrl (string) -- [REQUIRED]
The token URL for the OAuth service, where authorization codes are exchanged for access tokens.
scope (string) --
The OAuth scopes requested during authorization, which define the permissions granted to the application.
tokenEndpointAuthenticationScheme (string) -- [REQUIRED]
The authentication scheme used when requesting tokens from the token endpoint.
oAuthCompleteRedirectUrl (string) --
The URL where users are redirected after completing the OAuth authorization process.
proactiveRefreshTokenRenewal (dict) --
Configuration for proactively refreshing OAuth tokens before they expire.
enabled (boolean) --
Indicates whether proactive refresh token renewal is enabled.
DaysBeforeRenewal (integer) --
The days before token expiration when the system should attempt to renew the token, specified in days.
GeneralAuthorization (list) --
The authorization materials for General Authorization.
(dict) --
The authorization material containing the Secrets Manager arn and version.
SecretsManager (dict) -- [REQUIRED]
Configuration for AWS Secrets Manager, used to securely store and manage sensitive information for connector destinations.
arn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret.
versionId (string) -- [REQUIRED]
The version ID of the AWS Secrets Manager secret.
AuthMaterialName (string) -- [REQUIRED]
The name of the authorization material.
dict
The AWS Secrets Manager configuration used to securely store and manage sensitive information for the connector destination.
arn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret.
versionId (string) -- [REQUIRED]
The version ID of the AWS Secrets Manager secret.
string
An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.
This field is autopopulated if not provided.
dict
Response Syntax
{
'Id': 'string'
}
Response Structure
(dict) --
Id (string) --
The identifier of the C2C connector destination creation request.
{'AuthenticationMaterialType': {'PRE_ONBOARDED_CLOUD'}}
Creates a managed thing. A managed thing contains the device identifier, protocol supported, and capabilities of the device in a data model format defined by Managed integrations.
See also: AWS API Documentation
Request Syntax
client.create_managed_thing(
Role='CONTROLLER'|'DEVICE',
Owner='string',
CredentialLockerId='string',
AuthenticationMaterial='string',
AuthenticationMaterialType='CUSTOM_PROTOCOL_QR_BAR_CODE'|'WIFI_SETUP_QR_BAR_CODE'|'ZWAVE_QR_BAR_CODE'|'ZIGBEE_QR_BAR_CODE'|'DISCOVERED_DEVICE'|'PRE_ONBOARDED_CLOUD',
WiFiSimpleSetupConfiguration={
'EnableAsProvisioner': True|False,
'EnableAsProvisionee': True|False,
'TimeoutInMinutes': 123
},
SerialNumber='string',
Brand='string',
Model='string',
Name='string',
CapabilityReport={
'version': 'string',
'nodeId': 'string',
'endpoints': [
{
'id': 'string',
'deviceTypes': [
'string',
],
'capabilities': [
{
'id': 'string',
'name': 'string',
'version': 'string',
'properties': [
'string',
],
'actions': [
'string',
],
'events': [
'string',
]
},
]
},
]
},
CapabilitySchemas=[
{
'Format': 'AWS'|'ZCL'|'CONNECTOR',
'CapabilityId': 'string',
'ExtrinsicId': 'string',
'ExtrinsicVersion': 123,
'Schema': {...}|[...]|123|123.4|'string'|True|None
},
],
Capabilities='string',
ClientToken='string',
Classification='string',
Tags={
'string': 'string'
},
MetaData={
'string': 'string'
}
)
string
[REQUIRED]
The type of device used. This will be the hub controller, cloud device, or AWS IoT device.
string
Owner of the device, usually an indication of whom the device belongs to. This value should not contain personal identifiable information.
string
The identifier of the credential for the managed thing.
string
[REQUIRED]
The authentication material defining the device connectivity setup requests. The authorization materials used are the device bar code.
string
[REQUIRED]
The type of authentication material used for device connectivity setup requests.
dict
The Wi-Fi Simple Setup configuration for the managed thing, which defines provisioning capabilities and timeout settings.
EnableAsProvisioner (boolean) --
Indicates whether the device can act as a provisioner in Wi-Fi Simple Setup, allowing it to configure other devices.
EnableAsProvisionee (boolean) --
Indicates whether the device can act as a provisionee in Wi-Fi Simple Setup, allowing it to be configured by other devices.
TimeoutInMinutes (integer) --
The timeout duration in minutes for Wi-Fi Simple Setup. Valid range is 5 to 15 minutes.
string
The serial number of the device.
string
The brand of the device.
string
The model of the device.
string
The name of the managed thing representing the physical device.
dict
A report of the capabilities for the managed thing.
version (string) -- [REQUIRED]
The version of the capability report.
nodeId (string) --
The numeric identifier of the node.
endpoints (list) -- [REQUIRED]
The endpoints used in the capability report.
(dict) --
The endpoint used in the capability report.
id (string) -- [REQUIRED]
The id of the endpoint used in the capability report.
deviceTypes (list) -- [REQUIRED]
The type of device.
(string) --
capabilities (list) -- [REQUIRED]
The capabilities used in the capability report.
(dict) --
The capability used in capability report.
id (string) -- [REQUIRED]
The id of the schema version.
name (string) -- [REQUIRED]
The name of the capability.
version (string) -- [REQUIRED]
The version of the capability.
properties (list) -- [REQUIRED]
The capability properties used in the capability report.
(string) --
actions (list) -- [REQUIRED]
The capability actions used in the capability report.
(string) --
events (list) -- [REQUIRED]
The capability events used in the capability report.
(string) --
list
The capability schemas that define the functionality and features supported by the managed thing, including device capabilities and their associated properties.
(dict) --
Structure representing a capability schema item that defines the functionality and features supported by a managed thing.
Format (string) -- [REQUIRED]
The format of the capability schema, which defines how the schema is structured and interpreted.
CapabilityId (string) -- [REQUIRED]
The unique identifier of the capability defined in the schema.
ExtrinsicId (string) -- [REQUIRED]
The external identifier for the capability, used when referencing the capability outside of the AWS ecosystem.
ExtrinsicVersion (integer) -- [REQUIRED]
The version of the external capability definition, used to track compatibility with external systems.
Schema (:ref:`document<document>`) -- [REQUIRED]
The actual schema definition that describes the capability's properties, actions, and events.
string
The capabilities of the device such as light bulb.
string
An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.
This field is autopopulated if not provided.
string
The classification of the managed thing such as light bulb or thermostat.
dict
A set of key/value pairs that are used to manage the managed thing.
(string) --
(string) --
dict
The metadata for the managed thing.
(string) --
(string) --
dict
Response Syntax
{
'Id': 'string',
'Arn': 'string',
'CreatedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Id (string) --
The id of the managed thing.
Arn (string) --
The Amazon Resource Name (ARN) of the managed thing.
CreatedAt (datetime) --
The timestamp value of when the device creation request occurred.
{'ClaimCertificate': 'string'}
Create a provisioning profile for a device to execute the provisioning flows using a provisioning template. The provisioning template is a document that defines the set of resources and policies applied to a device during the provisioning process.
See also: AWS API Documentation
Request Syntax
client.create_provisioning_profile(
ProvisioningType='FLEET_PROVISIONING'|'JITR',
CaCertificate='string',
ClaimCertificate='string',
Name='string',
ClientToken='string',
Tags={
'string': 'string'
}
)
string
[REQUIRED]
The type of provisioning workflow the device uses for onboarding to IoT managed integrations.
string
The id of the certificate authority (CA) certificate.
string
The claim certificate.
string
The name of the provisioning template.
string
An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.
This field is autopopulated if not provided.
dict
A set of key/value pairs that are used to manage the provisioning profile.
(string) --
(string) --
dict
Response Syntax
{
'Arn': 'string',
'Name': 'string',
'ProvisioningType': 'FLEET_PROVISIONING'|'JITR',
'Id': 'string',
'ClaimCertificate': 'string',
'ClaimCertificatePrivateKey': 'string'
}
Response Structure
(dict) --
Arn (string) --
The Amazon Resource Name (ARN) of the provisioning template used in the provisioning profile.
Name (string) --
The name of the provisioning template.
ProvisioningType (string) --
The type of provisioning workflow the device uses for onboarding to IoT managed integrations.
Id (string) --
The identifier of the provisioning profile.
ClaimCertificate (string) --
The id of the claim certificate.
ClaimCertificatePrivateKey (string) --
The private key of the claim certificate. This is stored securely on the device for validating the connection endpoint with IoT managed integrations using the public key.
{'GeneralAuthorization': {'AuthMaterialName': 'string'}}
Get an account association for an Amazon Web Services account linked to a customer-managed destination.
See also: AWS API Documentation
Request Syntax
client.get_account_association(
AccountAssociationId='string'
)
string
[REQUIRED]
The unique identifier of the account association to retrieve.
dict
Response Syntax
{
'AccountAssociationId': 'string',
'AssociationState': 'ASSOCIATION_IN_PROGRESS'|'ASSOCIATION_FAILED'|'ASSOCIATION_SUCCEEDED'|'ASSOCIATION_DELETING'|'REFRESH_TOKEN_EXPIRED',
'ErrorMessage': 'string',
'ConnectorDestinationId': 'string',
'Name': 'string',
'Description': 'string',
'Arn': 'string',
'OAuthAuthorizationUrl': 'string',
'Tags': {
'string': 'string'
},
'GeneralAuthorization': {
'AuthMaterialName': 'string'
}
}
Response Structure
(dict) --
AccountAssociationId (string) --
The unique identifier of the retrieved account association.
AssociationState (string) --
The current status state for the account association.
ErrorMessage (string) --
The error message explaining the current account association error.
ConnectorDestinationId (string) --
The identifier of the connector destination associated with this account association.
Name (string) --
The name of the account association.
Description (string) --
The description of the account association.
Arn (string) --
The Amazon Resource Name (ARN) of the account association.
OAuthAuthorizationUrl (string) --
Third party IoT platform OAuth authorization server URL backed with all the required parameters to perform end-user authentication. This field will be empty when using General Authorization flows that do not require OAuth.
Tags (dict) --
A set of key/value pairs that are used to manage the account association.
(string) --
(string) --
GeneralAuthorization (dict) --
The General Authorization reference by authorization material name.
AuthMaterialName (string) --
The name of the authorization material.
{'AuthConfig': {'GeneralAuthorization': [{'AuthMaterialName': 'string',
'SecretsManager': {'arn': 'string',
'versionId': 'string'}}]}}
Get connector destination details linked to a cloud-to-cloud (C2C) connector.
See also: AWS API Documentation
Request Syntax
client.get_connector_destination(
Identifier='string'
)
string
[REQUIRED]
The identifier of the C2C connector destination.
dict
Response Syntax
{
'Name': 'string',
'Description': 'string',
'CloudConnectorId': 'string',
'Id': 'string',
'AuthType': 'OAUTH',
'AuthConfig': {
'oAuth': {
'authUrl': 'string',
'tokenUrl': 'string',
'scope': 'string',
'tokenEndpointAuthenticationScheme': 'HTTP_BASIC'|'REQUEST_BODY_CREDENTIALS',
'oAuthCompleteRedirectUrl': 'string',
'proactiveRefreshTokenRenewal': {
'enabled': True|False,
'DaysBeforeRenewal': 123
}
},
'GeneralAuthorization': [
{
'SecretsManager': {
'arn': 'string',
'versionId': 'string'
},
'AuthMaterialName': 'string'
},
]
},
'SecretsManager': {
'arn': 'string',
'versionId': 'string'
},
'OAuthCompleteRedirectUrl': 'string'
}
Response Structure
(dict) --
Name (string) --
The display name of the connector destination.
Description (string) --
A description of the connector destination.
CloudConnectorId (string) --
The identifier of the C2C connector.
Id (string) --
The unique identifier of the connector destination.
AuthType (string) --
The authentication type used for the connector destination, which determines how credentials and access are managed.
AuthConfig (dict) --
The authentication configuration details for the connector destination, including OAuth settings and other authentication parameters.
oAuth (dict) --
The OAuth configuration settings used for authentication with the third-party service.
authUrl (string) --
The authorization URL for the OAuth service, where users are directed to authenticate and authorize access.
tokenUrl (string) --
The token URL for the OAuth service, where authorization codes are exchanged for access tokens.
scope (string) --
The OAuth scopes requested during authorization, which define the permissions granted to the application.
tokenEndpointAuthenticationScheme (string) --
The authentication scheme used when requesting tokens from the token endpoint.
oAuthCompleteRedirectUrl (string) --
The URL where users are redirected after completing the OAuth authorization process.
proactiveRefreshTokenRenewal (dict) --
Configuration for proactively refreshing OAuth tokens before they expire.
enabled (boolean) --
Indicates whether proactive refresh token renewal is enabled.
DaysBeforeRenewal (integer) --
The days before token expiration when the system should attempt to renew the token, specified in days.
GeneralAuthorization (list) --
The authorization materials for General Authorization.
(dict) --
The authorization material containing the Secrets Manager arn and version.
SecretsManager (dict) --
Configuration for AWS Secrets Manager, used to securely store and manage sensitive information for connector destinations.
arn (string) --
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret.
versionId (string) --
The version ID of the AWS Secrets Manager secret.
AuthMaterialName (string) --
The name of the authorization material.
SecretsManager (dict) --
The AWS Secrets Manager configuration used to securely store and manage sensitive information for the connector destination.
arn (string) --
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret.
versionId (string) --
The version ID of the AWS Secrets Manager secret.
OAuthCompleteRedirectUrl (string) --
The URL where users are redirected after completing the OAuth authorization process for the connector destination.
{'Items': {'ManagedThingAssociationStatus': 'PRE_ASSOCIATED | ASSOCIATED'}}
Lists all account associations for a specific managed thing.
See also: AWS API Documentation
Request Syntax
client.list_managed_thing_account_associations(
ManagedThingId='string',
AccountAssociationId='string',
MaxResults=123,
NextToken='string'
)
string
The identifier of the managed thing to list account associations for.
string
The identifier of the account association to filter results by. When specified, only associations with this account association ID will be returned.
integer
The maximum number of account associations to return in a single response.
string
A token used for pagination of results.
dict
Response Syntax
{
'Items': [
{
'ManagedThingId': 'string',
'AccountAssociationId': 'string',
'ManagedThingAssociationStatus': 'PRE_ASSOCIATED'|'ASSOCIATED'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Items (list) --
The list of managed thing associations that match the specified criteria, including the managed thing ID and account association ID for each association.
(dict) --
Structure representing an association between a managed thing and an account association, which connects a device to a third-party account.
ManagedThingId (string) --
The identifier of the managed thing in the association.
AccountAssociationId (string) --
The identifier of the account association in the association.
ManagedThingAssociationStatus (string) --
The status of the registration between the managed thing and the account association. Indicates whether the device is pre-associated or fully associated with the account association.
NextToken (string) --
A token used for pagination of results when there are more account associations than can be returned in a single response.
{'ConnectorDeviceIdList': ['string']}
This API is used to start device discovery for hub-connected and third-party-connected devices. The authentication material (install code) is delivered as a message to the controller instructing it to start the discovery.
See also: AWS API Documentation
Request Syntax
client.start_device_discovery(
DiscoveryType='ZWAVE'|'ZIGBEE'|'CLOUD'|'CUSTOM'|'CONTROLLER_CAPABILITY_REDISCOVERY',
CustomProtocolDetail={
'string': 'string'
},
ControllerIdentifier='string',
ConnectorAssociationIdentifier='string',
AccountAssociationId='string',
AuthenticationMaterial='string',
AuthenticationMaterialType='ZWAVE_INSTALL_CODE',
ClientToken='string',
Tags={
'string': 'string'
},
ConnectorDeviceIdList=[
'string',
],
Protocol='ZWAVE'|'ZIGBEE'|'CUSTOM',
EndDeviceIdentifier='string'
)
string
[REQUIRED]
The discovery type supporting the type of device to be discovered in the device discovery task request.
dict
Additional protocol-specific details required for device discovery, which vary based on the discovery type.
(string) --
(string) --
string
The id of the end-user's IoT hub.
string
The id of the connector association.
string
The identifier of the cloud-to-cloud account association to use for discovery of third-party devices.
string
The authentication material required to start the local device discovery job request.
string
The type of authentication material used for device discovery jobs.
string
An idempotency token. If you retry a request that completed successfully initially using the same client token and parameters, then the retry attempt will succeed without performing any further actions.
dict
A set of key/value pairs that are used to manage the device discovery request.
(string) --
(string) --
list
Used as a filter for PLA discoveries.
(string) --
string
The protocol type for capability rediscovery (ZWAVE, ZIGBEE, or CUSTOM).
string
The unique id of the end device for capability rediscovery.
dict
Response Syntax
{
'Id': 'string',
'StartedAt': datetime(2015, 1, 1)
}
Response Structure
(dict) --
Id (string) --
The id of the device discovery job request.
StartedAt (datetime) --
The timestamp value for the start time of the device discovery.
{'AuthConfig': {'GeneralAuthorizationUpdate': {'AuthMaterialsToAdd': [{'AuthMaterialName': 'string',
'SecretsManager': {'arn': 'string',
'versionId': 'string'}}],
'AuthMaterialsToUpdate': [{'AuthMaterialName': 'string',
'SecretsManager': {'arn': 'string',
'versionId': 'string'}}]}}}
Updates the properties of an existing connector destination.
See also: AWS API Documentation
Request Syntax
client.update_connector_destination(
Identifier='string',
Description='string',
Name='string',
AuthType='OAUTH',
AuthConfig={
'oAuthUpdate': {
'oAuthCompleteRedirectUrl': 'string',
'proactiveRefreshTokenRenewal': {
'enabled': True|False,
'DaysBeforeRenewal': 123
}
},
'GeneralAuthorizationUpdate': {
'AuthMaterialsToAdd': [
{
'SecretsManager': {
'arn': 'string',
'versionId': 'string'
},
'AuthMaterialName': 'string'
},
],
'AuthMaterialsToUpdate': [
{
'SecretsManager': {
'arn': 'string',
'versionId': 'string'
},
'AuthMaterialName': 'string'
},
]
}
},
SecretsManager={
'arn': 'string',
'versionId': 'string'
}
)
string
[REQUIRED]
The unique identifier of the connector destination to update.
string
The new description to assign to the connector destination.
string
The new display name to assign to the connector destination.
string
The new authentication type to use for the connector destination.
dict
The updated authentication configuration details for the connector destination.
oAuthUpdate (dict) --
The updated OAuth configuration settings for the authentication configuration.
oAuthCompleteRedirectUrl (string) --
The updated URL where users are redirected after completing the OAuth authorization process.
proactiveRefreshTokenRenewal (dict) --
Updated configuration for proactively refreshing OAuth tokens before they expire.
enabled (boolean) --
Indicates whether proactive refresh token renewal is enabled.
DaysBeforeRenewal (integer) --
The days before token expiration when the system should attempt to renew the token, specified in days.
GeneralAuthorizationUpdate (dict) --
The General Authorization update information containing authorization materials to add or update in Kinesis Data Streams.
AuthMaterialsToAdd (list) --
The authorization materials to add.
(dict) --
The authorization material containing the Secrets Manager arn and version.
SecretsManager (dict) -- [REQUIRED]
Configuration for AWS Secrets Manager, used to securely store and manage sensitive information for connector destinations.
arn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret.
versionId (string) -- [REQUIRED]
The version ID of the AWS Secrets Manager secret.
AuthMaterialName (string) -- [REQUIRED]
The name of the authorization material.
AuthMaterialsToUpdate (list) --
The authorization materials to update.
(dict) --
The authorization material containing the Secrets Manager arn and version.
SecretsManager (dict) -- [REQUIRED]
Configuration for AWS Secrets Manager, used to securely store and manage sensitive information for connector destinations.
arn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret.
versionId (string) -- [REQUIRED]
The version ID of the AWS Secrets Manager secret.
AuthMaterialName (string) -- [REQUIRED]
The name of the authorization material.
dict
The updated AWS Secrets Manager configuration for the connector destination.
arn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the AWS Secrets Manager secret.
versionId (string) -- [REQUIRED]
The version ID of the AWS Secrets Manager secret.
None