
IoTRoutes architecture  


 

➡ Components description

 

This diagram describes the main components provided by the IoTRoutes platform. The complete list of features and their operation are detailed in the user guide.

IoT Routes platform

 

 

  • Messaging module : 

    Ensures the reception and sending of IoT messages between the platform and the devices. The type of exchange and the message structure are fully configurable via the "Messages Formats" functionality.

    Multiple structures can be defined for each type of exchange. For communication via MQTT, a single MQTT broker is installed by default for each deployment, but the platform administrator can add and enable/disable brokers depending on the size of the platform and the number of devices to be managed.

    IoTRoutes uses a built-in broker layer based on the MQTTnet framework, a powerful and lightweight .NET library implementing the MQTT protocol (versions 3.1.1 and 5.0).
    This choice provides native integration, full extensibility, and low resource usage — making brokers an essential component of the IoTRoutes architecture.

     

  • Workers module :

    Also named the Jobs module. Jobs are launched to execute one or more actions sequentially and/or in parallel. These actions can be configured via a visual workflow designer. There are two types of jobs:

    • Immediate work: jobs triggered by an event, such as the reception of a batch of messages in the queue or the connection of a new device. This type of work is essential for filtering, receiving and converting received messages. Depending on the configuration, message interpreters can be activated at this level in order to detect anomalies or urgent alerts, or to extract other data from media sent by the device such as images, videos or sounds.
    • Planned Works and Manual Works : Similar to other jobs, these are workflows that are launched manually or at specific times to perform analysis actions, generate reports, send commands to devices and interface or synchronize with external systems.

       

  • Communication module:  

    This module allows the IoTRoutes platform to exchange information with other systems, including the IoTRoutes web client. It plays a dual role:

  1. User interaction : It manages user login so that they can configure, view and extract data from the platform.
  2. System interoperability : It provides the interface between IoTRoutes and internal processes or external systems.

    The Communication module publishes REST APIs made available to third-party applications and also manages the connection to secure objects configured via the "Communicators" functionality — such as external APIs, SMTP, FTP servers, or others. These connections are used for integration, automation, or notification purposes.

 

  • Authentication & Authorization Module :  

    This module provides user security, access management and data isolation on IoTRoutes.

    • Internal users : Managed locally in the database, and passwords are encrypted.
    • Role-based authorization (RBAC) :
      • Access levels by role per object: Each role defines access levels for each secured object such as None, View, Manage, etc.
      • Advanced actions can be configured per role and per object (e.g., "activate" a broker, "reset password" for a user, "Send" a specific command to a device).
    • Data isolation and security:
      • The system manages entities representing organizations, sub-organizations, people or customers.
      • A limited user, associated with a specific entity, can only access data related to that entity.
        Example: A user with the client role, attached to the "Client X" entity, can only view and manipulate devices and their data associated with that entity. 
    • Securing APIs:
      • Users receive short-lived JWT tokens with refresh.
      • Each API route is associated with a specific action, and access is only allowed if the user's role allows it (e.g., GET allowed to display the corresponding object).
    • IoT Device Access to the Platform : 

      Each MQTT broker defines its own authentication and authorization for devices. Data communicated between the platform and devices is encrypted using SSL/TLS for HTTP communication and X.509 certificates for MQTT connections.

 

This module ensures fine-grained access control, data security by entity, and compliance with best practices for users and IoT devices.
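The role access levels, per-object advanced actions, route-to-action mapping and entity isolation described for this module can be combined into one deny-by-default decision, shown here as an added example that is not IoTRoutes code. The route table, role names, reason strings and the rule that a user with no entity is unrestricted are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Access(IntEnum):              # access levels named on the page
    NONE = 0
    VIEW = 1
    MANAGE = 2

@dataclass(frozen=True)
class Role:
    name: str
    levels: dict                    # secured object type -> Access
    actions: frozenset = frozenset()  # granted (object type, advanced action) pairs

@dataclass(frozen=True)
class User:
    name: str
    role: Role
    entity: Optional[str] = None    # None = not a limited user (assumption)

# Hypothetical route table: (method, route) -> (object, required level, advanced action)
ROUTES = {
    ("GET", "/api/devices/{id}"): ("device", Access.VIEW, None),
    ("PUT", "/api/devices/{id}"): ("device", Access.MANAGE, None),
    ("POST", "/api/devices/{id}/commands"): ("device", Access.VIEW, "send"),
    ("POST", "/api/brokers/{id}/activate"): ("broker", Access.MANAGE, "activate"),
}

def authorize(user, method, route, resource_entity):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    rule = ROUTES.get((method, route))
    if rule is None:
        return False, "unmapped route"
    obj, needed, action = rule
    if user.role.levels.get(obj, Access.NONE) < needed:
        return False, "access level too low"
    if action and (obj, action) not in user.role.actions:
        return False, "advanced action not granted"
    if user.entity is not None and user.entity != resource_entity:
        return False, "entity mismatch"
    return True, "ok"

# Constructed sample roles and users
CLIENT = Role("client", {"device": Access.VIEW})
OPERATOR = Role("operator", {"device": Access.MANAGE, "broker": Access.MANAGE},
                frozenset({("device", "send")}))
alice = User("alice", CLIENT, entity="Client X")
bob = User("bob", OPERATOR)
```

The entity check runs on the resource's owning entity, not on anything the caller supplies in the request, so a limited user cannot reach another entity's device by changing an identifier in the URL.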

 

  • Storage module : 

    This module manages the recording and storage of data exchanged within the IoTRoutes platform. It is based on two types of complementary databases:

    • Data : SQL and NoSQL databases dedicated to storing application data as well as messages exchanged with the platform.
    • Files Storage : a file storage system, used to store media objects and files sent by devices, as well as documents, reports, and any other user files.

       Messages received from devices are first placed in a queue awaiting processing by the acquisition workers. Once processed, they are saved in the database and then follow the lifecycle defined via the "Messages LifeCycle" feature.

 
