This documentation is for WSO2 IoT Server 3.1.0. View the documentation for the latest release.
Page Comparison - Architecture (v.26 vs v.27) - IoT Server 3.1.0 - WSO2 Documentation

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


WSO2 IoT Server is built on top of WSO2 Connected Device Management Framework (CDMFCDM) Framework, which in turn is built on the WSO2 Carbon platform.  The following sub sections explain the WSO2 IoT Server architecture and how it functions.


The following table explains how each component in the WSO2 IoT Server architecture functions as depicted in the above figure. 

Connected Device Management Core

The Connected Device Management (CDM) core manages and controls all the functions of WSO2 IoT Server. It is designed with many extensions. Therefore, you can extend and customize most of its functions. The CDM core consists of the following components.

Click on a component for more information and you will be navigated and navigate to the respective documentation section for more details.

Image Modified Image Modified Image Modified

Image Modified Image Modified Image Modified

Image Modified Image Modified Image Modified

Device Management Plugins

WSO2 IoT Server is designed as a pluggable architecture. Therefore, it is easy to introduce new device types to WSO2 IoT Server.

A plugin is not mandatory when creating a new device type. You can connect most of the IoT devices to WSO2 IoT Server without using an external plugin. A plugin is useful when you need to perform complex operations.

You can write a new device type using any of the following methods:

  • Want to create a device type in one go? You can now create your own device type that includes the APIs, transports, UI and more, using the device management console or APIs. For more information, see  Creating a New Device Type.
  • Does your device have common functionalities similar to our sample device types? If yes, see  Writing Device Type via the Template.
  • Does your device require special functions and need to be customized to meet a given requirement? See  Writing Device Plugins via Java Code.

Transports are required for the server to communicate with the devices and for the devices to communicate with the server. For example in WSO2 IoT Server, the server communicates with the iOS devices via the APNS transport and the devices communicate with the server using the HTTP transport. For more information on how the transports work, see Writing Transport Extensions.

The server uses push notifications to communicate with the device. By default, WSO2 IoT Server has implemented push notification providers for MQTT, XMPP, FCM, and APNS. You can write your own push notification provider too. For more information, see Adding a Push Notification Provider.


WSO2 IoT Server is fully API driven. All the APIs are equipped with industry standard swagger annotations. Therefore, stub or client generation can be done easily.

The APIs are fully secured. If you want to carry out an operation on a device, two levels of authorization take place:

  • Checks if the user is authorized to access the APIs.
  • Checks if the user is authorized to carry out the operation on the selected device.

The diagram shown below lists out the REST APIs provided by default in WSO2 IoT Server. That's not all, you are able to write your own APIs for your device type using WSO2 IoT Server due to its pluggable architecture.

Image Modified

Authentication and Authorization

When using WSO2 IoT Server in your enterprise, security, and integration are important as you need to store all the user data and device data in the server, and the devices store confidential information about your business. Further, security is a must when integrating WSO2 IoT server with other applications, user interfaces, and when exposing its capability to the outside world.

WSO2 IoT Server provides the following security protocols for authenticating and authorizing users and devices:

Image Modified

Further, to authenticate and authorize the APIs, WSO2 IoT Server uses scopes. A scope has a permission assigned to it. For more information, see Device Management API Scopes.

Analytics and Analytics Plugin

Analysing the data gathered by your devices is important for you to identify patterns and predict future trends. Therefore, by default WSO2 IoT Server combines real-time, batch, interactive, and predictive (via machine learning) analysis of data into one integrated platform to support the multiple demands of the IoT solutions. Using WSO2 IoT Server, you can write your own methods to gather the data from your device and analyze the data that was gathered.

WSO2 IoT Server has the capability to analyze the data gathered from the device on the device itself. This is achieved via the edge computing capability in WSO2 IoT Server.

Applications and external system applciations

Applications and external system applications are able to connect with WSO2 IoT Server without any hassle as all its functions are exposed via secured APIs. It also provides secure communication between the devices and the applications through the authentication methods, such as SSO, SAML, and XACML, when connected with WSO2 Identity Server.

  • Try out the Mobile Application Management tutorial to get a quick understanding of how to create, manage and install applications using WSO2 IoT Server.
  • Want to know more about how to install an application on many devices at once and the mobile application life cycle, see Managing Mobile Applications.
Devices and SDKs

WSO2 IoT Server provides SDK support to build and connect your device with the WSO2 IoT platform. As all of the functionalities are exposed through APIs, the SDK support makes it easy easier to create new device agent applications that run on the device. All the basic functionalities required to connect the device to the server are supported in the SDK itself.