This example code shows how to use the advanced Device Request APIs available from the Machina Platform. It is meant to serve as sample code for developers learning about those APIs to use as reference.
Most developers will instead prefer to use Ionic's supported SDK, which include a Python SDK which has the same functionality shown in these examples, as well as significant additional features. There are SDK examples for Create Key and Get Key.
You will need to obtain a tenant. A free tenant can be obtained here. By following the prompted path, your device will be enrolled.
You may want to use Python's virtualenv toolkit to manage your environment.
Once loaded, install the pre-requisites:
pip install -r requirements.txt
The example.py
sample shows how to create keys, and then request them again.
These two operations are usually done independently.
Using this example requires a Secure Enrollment Profile (SEP), which it expects via the plaintext profile persistor in a file $HOME/.ionicsecurity/profiles.pt
.
Read Enrollment Overview to learn more.
See Enrolling below if you didn't enroll via another mechanism.
This example shows how to use the Create Key API and the Get Key API.
The example_enroll.py
tool shows enrolling a device and obtaining a SEP, and then storing it using the plaintext profile persistor.
Using this example requires first editing the code to define the correct values for the variables.
After setting those values, it can be run and will produce $HOME/.ionicsecurity/profiles.pt
which is the SEP stored in plaintext.
There are two options for setting the values:
If, and only if, your enrollment server is linked to Ionic's IdP (which is only for development/demo environments), then you can enter your Ionic username and password in the file (for demonstration purposes only) and it will obtain the stoken/uidauth values for you.
These values are typically obtained from doing the workflows described in Enrollment Overview,
such as SAML, Oauth, email token, or generated SAML assertions.
You will need to perform the communication with the enrollment server, following the process for your selected
enrollment type, to obtain these values before entering them and then running this script.
See registration/get_ionic_token.py
for an example of doing this for a SAML enrollment against the demonstration Ionic IdP.