Skip to content

Ingest API

Two transports, one authentication model: fleet-scoped hashed keys. The server stamps the tenant from the key — never from the payload — so a device cannot write into another fleet or another organization.

REST

POST /v1/ingest
X-Ingest-Key: vsk_…

{
  "device_id":  "uuid — must belong to the key's fleet",
  "payload_hex": "raw frame, hex-encoded",
  "ts":          "optional ISO-8601; defaults to arrival time"
}

→ 202 Accepted   (decoding happens off the request path)

MQTT

Publish the same hex payload to ingest/{fleet_id}/{device_id} — username is the fleet id, password is the ingest key. The broker enforces a per-fleet ACL: publishing to another fleet's topic is rejected at the broker, before our code ever sees it.

Failure semantics

A frame that cannot be decoded (for example, shorter than the active rule expects) is parked on a dead-letter stream and never blocks the pipeline; the raw payload is stored regardless, so a corrected rule can replay it.

Rate/size limits are per plan. 401 means the key is wrong or revoked; 404 means the device id is not in the key's fleet — check both before suspecting the pipeline.