Soracom Beam

Website Entry Point

The Website entry point behaves similarly to the HTTP entry point. It accepts HTTP requests from Air for Cellular devices and forwards them to the destination using HTTP or HTTPS. Unlike the HTTP entry point, it automatically maps the request URI path to the destination URL. For example, an HTTP request sent to http://beam.soracom.io:18080/my/custom/path will be forwarded to https://myserver.example.com/my/custom/path.

Optionally, you can include a path in the destination. When a path is configured, the device's request URI path is appended after it. The original request URI path is not replaced. For example, if the destination includes a path of /base, a request to http://beam.soracom.io:18080/my/custom/path will be forwarded to https://myserver.example.com/base/my/custom/path.

Configuration

Entry Point

Your device should be configured to send data to: http://beam.soracom.io:18080 or http://beam.soracom.io.

Parameters

• Configuration name (string, required) - A string to identify this configuration.
• Destination - The forwarding destination.
  • Protocol (HTTP or HTTPS, required) - The protocol to use for forwarding HTTP requests.
  • Host name (string, required) - The FQDN of the forwarding destination.
  • Port number (number, required) - The port number of the forwarding destination.
  • Path (string, optional) - The path to use for the forwarding destination. The device's request URI path will be appended after this path.
• Client Certificate - The SSL/TLS client authentication configuration.
  • Use client cert - Enables the use of a client certificate for authentication.
  • Credentials set - The client certificate stored in Credential Sets to use for authentication.
• Header manipulations - Operations to perform on the HTTP request headers.
  • IMSI header - Adds X-Soracom-IMSI: {IMSI} to the HTTP request header.
  • SIM ID header - Adds X-Soracom-SIM-ID: {SIM_ID} to the HTTP request header.
  • MSISDN header - Adds X-Soracom-MSISDN: {MSISDN} to the HTTP request header.
  • IMEI header - Adds X-Soracom-IMEI: {IMEI} to the HTTP request header.
  • Signature header - Adds X-Soracom-Signature: {Signature} to the HTTP request header. This option requires IMSI header or IMEI header to be enabled in order to generate the signature.
  • Pre-Shared Key - The key to use when generating the Signature header.
  • Custom headers - Additional options for adding, modifying, or removing headers from HTTP requests before they are forwarded to the destination.
  • Authorization header - Adds Authorization: {Parameter} to the HTTP request header.

For details on configuring and using header manipulations, refer to the Header Manipulation page.

Behavior

For simple HTTP requests, the Website entry point behaves the same as the HTTP entry point.

Advanced Configuration

The Website entry point can also be configured through the Soracom API or CLI by using the SoracomBeam namespace.

Configuration should be performed using http://beam.soracom.io:18080 as the configuration key value.

Parameters

• key (string, required) - http://beam.soracom.io:18080
• value (object, required) - The configuration parameters.
  • name (string, optional) - Name to identify this configuration.
• destination (string, required) - URL of the forwarding destination. A path can be included in the URL (e.g., https://myserver.example.com/base). When a path is included, the device's request URI path is appended after it.
  • enabled (boolean, required) - Enables or disables the configuration.
  • useClientCert (boolean, optional) - Enables or disables the use of an SSL/TLS client certificate for authentication.
  • clientCerts (object, optional) - The SSL/TLS client certificates to attach.
    • $credentialsId (string, optional) - ID of the credential set with the appropriate client certificate.
  • addSubscriberHeader - (boolean, optional) - Enables or disables adding the subscriber IMSI as an HTTP header in the forwarded request.
  • addSimIdHeader - (boolean, optional) - Enables or disables adding the SIM ID as an HTTP header in the forwarded request.
  • addMsisdnHeader - (boolean, optional) - Enables or disables adding the SIM MSISDN as an HTTP header in the forwarded request.
  • customHeaders (object, optional) - Defines custom headers behavior. Each custom header is defined using:
    • X-Header-Name (string, required) - Name of the custom header.
      • action (string, required) - Defines the header behavior using one of the following values:
        • append - Appends the defined header to the HTTP request.
        • replace - Replaces any existing header with the defined header value.
        • delete - Deletes the header from the HTTP request.
      • headerKey (string, required) - The header name.
      • headerValue (string, required) - The header value.
  • addSignature (boolean, required) - Enables or disables adding a signature header for subscriber verification.
  • psk.$credentialsId (string, optional) - The ID assigned to the pre-shared key credential set. Used for signing when addSignature is set as true. This ID is set when the credential is registered in the Credential Sets.
  • addAuthorizationHeader (object, optional) - Defines authorization header behavior. Each authorization header is defined using:
    • enabled (boolean, required) - Enables or disables adding an authorization header.
    • type (string, required) - Defines the authorization header type using one of the following values:
      • bearer_jwt - Add an Authorization: Bearer {token} header to use the Bearer scheme defined in RFC 6750. In {token}, a JSON Web Token (JWT) issued using "Google Service Account (JSON)" credential set or "Private Key (PEM)" credential set will be inserted.
      • aws_sig_v4 - Add AWS Signature Version 4. AWS Signature version 4 is generated using "AWS credentials" credential set or "AWS IAM Role credentials" credential set.
      • bearer - Add an Authorization: Bearer {token} header to use the Bearer scheme defined in RFC 6750. In {token}, "API Token credentials" or "Pre-Shared Key" credential set will be inserted.
      • basic - Add an Authorization: Basic {credentials} header to use Basic authentication as defined in RFC 7617. In {credentials}, a Base64 string generated from the user name and password set in "Username password credentials" credential set is inserted.
    • config (object, required) - The settings for the authorization header based on the type.
      • If the type is bearer_jwt:
        • jwtClaims (object, required) - The information used to generate the JSON web token. For example:

          {
          "iss": "soracom-beam@long-stack-371107.iam.gserviceaccount.com",
          "sub": "soracom-beam@long-stack-371107.iam.gserviceaccount.com",
          "aud": "https://pubsub.googleapis.com/google.pubsub.v1.Publisher"
          }

          iat and exp are automatically generated when a device accesses Beam.

        • credentials.$credentialsId (string, required) - The credential ID of the Google Service Account (JSON) or private key (PEM) registered in the Credential Sets.
        • algorithm (string, required) - Used to specify the signature algorithm. Valid choices are RS256, ES256, RS512, or ES512.
      • If the type is aws_sig_v4:
        • service (string, required) - Choose lambda, sagemaker, geo, or s3.
        • region (string, required) - Specify your AWS resource region. For example: ap-northeast-1.
        • unsignedPayload (boolean, required) - Set as true if you might upload files larger than 1 MiB to AWS S3.
        • credentials.$credentialsId (string, required) - The credential ID of the AWS IAM role credential registered in the Credential Sets.
      • If the type is bearer:
        • credentials.$credentialsId (string, required) - The credential ID of the API token credential or pre-shared key credential registered in the Credential Sets.
      • If the type is basic:
        • credentials.$credentialsId (string, required) - The credential ID of the username/password credential registered in the Credential Sets.

Sample

[
  {
    "key": "http://beam.soracom.io:18080",
    "value": {
      "name": "test",
      "destination": "https://beamtest.soracom.io",
      "enabled": true,
      "addSubscriberHeader": true,
      "addSimIdHeader": true,
      "addMsisdnHeader": true,
      "customHeaders": {
        "X-GROUP-NAME": {
          "action": "replace",
          "headerKey": "X-GROUP-NAME",
          "headerValue": "TEST"
        }
      },
      "addSignature": true,
      "psk": {
        "$credentialsId": "CredentialsID"
      },
      "addAuthorizationHeader": {
        "enabled": false
      }
    }
  }
]