Domain Model and Security Principles of the re.alto API Platform

20.01.2025

This article is intended as a guide and introduction for architects/developers using the re.alto API platform.  

 

Introduction

The vision of re.alto is to support businesses in developing outstanding products by providing APIs and energy-driven data solutions to help build digital products faster. We do this by connecting to devices through their existing IoT connectivity. At the core of our solution is a powerful IoT management platform. It connects to any type of device, streams device data in real time and securely stores it for future retrieval. The platform can stream thousands of data sets per second, aggregate readings, retrieve charge data records (where available), and be used to manage and steer devices. Integration is also straightforward.

The guide below explains our domain model, the terminology used and our IoT platform’s security principles.  

 

Components of the Domain Model (Terminology and Set-Up) 

The platform is structured in Tenants. A Tenant is a customer environment. Every Tenant has an administrator, and the Tenant admin controls everything within that Tenant. The Tenant admin can be either a person or a program/app; these are known as Principals of type User and Client respectively. A Client is usually used by a backend system/process such as an app and has a Client ID and a Client secret. A User logs in using an email and password. It is this Client ID or User ID that defines what you have access to see on the platform. The Tenant admin is also a Principal (and is therefore either a Client or a User). Members are Clients or Users that are part of a Tenant but are not admins. Members also have either a Client ID or a User ID; however, members cannot add or remove themselves or other members in a Tenant. Only the Tenant admin has the right to do this.

In each Tenant, the Tenant admin can onboard devices which we refer to as Entities. An Entity is added in the system via an onboarding request raised by a Principal with access, which also becomes the owner unless a different owner is specified in the request. Any sort of device that we onboard becomes an Entity and receives an Entity ID. Each Entity has an owner. The Entity owner has the right to change its properties. Members have reduced rights and can read the data but cannot alter the properties of an Entity.  

Entities can be grouped together in Collectives. A Tenant can have multiple Collectives, making it easy to separate different Entities into groups (depending on the company they belong to, for example). Entities that are grouped together in Collectives can be displayed together. Each Collective has an owner that is assigned by the Tenant admin, and multiple members can be added to each Collective, all of whom then have rights to see the data of the Entities within that Collective. “Collective” refers to a group of Entities and of Users who are members of a Collective. A Collective of Entities has a Collective owner and Collective members. The data from all Entities in a Collective can be shared with a number of Principals (User or Client IDs). The owner of the Collective can set certain parameters on an Entity, such as its name. Members can only use the Entities (i.e. read their data).

The Collective is a powerful tool to link various Entities together and then share the data with other people or programs. For example, a fleet manager could use a Collective to conveniently see the data from all of their company’s vehicles in one place. However, a Collective could also refer to a household with multiple cars, a heat pump etc, and any member of that Collective could then view the data from all Entities within that Collective.  

 

Security

The security principles are based on the domain model explained in the first part of this article. You must be the Tenant owner/admin or member of the Tenant, or the Collective owner or member of the Collective, to be able to see the data of a device. To authenticate against our platform, a Client ID or User ID is required. Once you have that, you must be the owner or member of a Tenant or Collective in order to access data. Every individual record, Tenant, Entity and Collective is secured with these security rights. The only way to access our platform is to have a Principal ID, which is either the Client ID (for programs) or the User ID (for people). This ID is either a member of a Tenant or a Collective, or the owner of an Entity. This determines whether you can see that Entity and its data and do something with this data or not. If you do not have rights to any Entities, Tenants or Collectives, you won’t be able to view any data. 

A re.alto customer can have one Tenant on our platform but organise onboarded Entities into various Collectives within that Tenant. This means that if Company A is working with various companies/fleet managers, for example, they can onboard the vehicles from those companies and organise each company's vehicles into its own Collective. Each company/fleet manager will then only be able to see the data from the cars in their respective Collective and not the data from cars organised into a separate Collective by Company A. Any vehicle added to the Collective later can also easily be viewed without any additional work – that is the power of the Collective. Company A is the owner of the Collective within their Tenant, but they can make Fleet Manager A a member of a Collective and assign them rights within that Collective, so that they can see data from vehicles within the Collective. Fleet Manager A will remain unable to view data from vehicles in the other Collectives within Company A’s Tenant. You have to be a member of a specific Collective to see the data from Entities within that Collective – and that is where the domain model meets the security model.
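
The access rules described above can be expressed as a small authorization model. The following is an added example, not re.alto's own code or API: the class names, method names and principal/Entity IDs are hypothetical, the sample data is constructed, and it assumes only the Tenant admin raises onboarding requests.

```python
from dataclasses import dataclass, field

@dataclass
class Collective:
    owner: str
    members: set = field(default_factory=set)
    entities: set = field(default_factory=set)

@dataclass
class Tenant:
    admin: str
    members: set = field(default_factory=set)
    entity_owner: dict = field(default_factory=dict)  # Entity ID -> owner Principal
    collectives: dict = field(default_factory=dict)   # name -> Collective

    def onboard(self, requester, entity_id, owner=None):
        if requester != self.admin:  # assumption of this example: admin-only onboarding
            raise PermissionError("requester has no access to onboard")
        # The requester becomes the owner unless the request names another owner.
        self.entity_owner[entity_id] = owner or requester

    def can_read(self, principal, entity_id):
        if entity_id not in self.entity_owner:
            return False  # unknown Entity: deny by default
        if principal in {self.admin, self.entity_owner[entity_id]} | self.members:
            return True
        return any(entity_id in c.entities and principal in {c.owner} | c.members
                   for c in self.collectives.values())

    def can_edit(self, principal, entity_id):
        # Tenant and Collective members may read data but never alter properties.
        if entity_id not in self.entity_owner:
            return False
        if principal in (self.admin, self.entity_owner[entity_id]):
            return True
        return any(entity_id in c.entities and principal == c.owner
                   for c in self.collectives.values())

    def can_manage_members(self, principal):
        return principal == self.admin  # only the Tenant admin adds/removes members

def build_company_a():
    # Constructed sample: Company A's Tenant with one Collective per fleet manager.
    t = Tenant(admin="client:company-a")
    t.onboard("client:company-a", "car-1")
    t.onboard("client:company-a", "car-2")
    t.collectives["fleet-a"] = Collective("client:company-a", {"user:fm-a"}, {"car-1"})
    t.collectives["fleet-b"] = Collective("client:company-a", {"user:fm-b"}, {"car-2"})
    return t
```

In this model a vehicle onboarded later stays invisible to Fleet Manager A until it is added to their Collective, after which no further grant is needed.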
