Soracom Beam

Website Entry Point

This entry point behaves similarly to the HTTP entry point, accepting HTTP requests from an Air for Cellular device and forwarding the request to the forwarding destination via HTTP or HTTPS. Unlike the HTTP entry point, this entry point will automatically map any URI path from the original HTTP request to the forwarding destination. For example, an HTTP request sent to http://beam.soracom.io:18080/my/custom/path will be forwarded to https://myserver.example.com/my/custom/path without the need of defining the URI path within Beam.

---

Configuration

Entry Point

Your device should be configured to send data to: http://beam.soracom.io:18080 or http://beam.soracom.io.

Parameters

• Configuration name (string, required) - A string to identify this configuration.
• Destination - The forwarding destination.
  • Protocol (HTTP or HTTPS, required) - The protocol to use for forwarding HTTP requests.
  • Host name (string, required) - The FQDN of the forwarding destination.
  • Port number (number, required) - The port number of the forwarding destination.
• Header manipulations - Operations to perform on the HTTP request headers.
  • IMSI header - Adds X-Soracom-IMSI: {IMSI} to the HTTP request header.
  • SIM ID header - Adds X-Soracom-SIM-ID: {SIM_ID} to the HTTP request header.
  • MSISDN header - Adds X-Soracom-MSISDN: {MSISDN} to the HTTP request header.
  • IMEI header - Adds X-Soracom-IMEI: {IMEI} to the HTTP request header.
  • Signature header - Adds X-Soracom-Signature: {Signature} to the HTTP request header. This option requires IMSI header or IMEI header to be enabled in order to generate the signature.
  • Pre-Shared Key - The key to use when generating the Signature header.
  • Custom headers - Additional options for adding, modifying, or removing headers from HTTP requests before they are forwarded to the destination.
  • Authorization header - Adds Authorization: {Parameter} to the HTTP request header.

Refer to the Header Manipulations documentation for additional details.

---

Behavior

The Website entry point has the same behavior as the HTTP entry point.

---

Advanced Configuration

The Website entry point can also be configured through the Soracom API or CLI by using the SoracomBeam namespace.

Configuration should be performed using http://beam.soracom.io:18080 as the configuration key value.

Parameters

• key (string, required) - http://beam.soracom.io:18080
• value (object, required) - The configuration parameters.
  • name (string, optional) - Name to identify this configuration.
  • destination (string, required) - URL of the forwarding destination.
  • enabled (boolean, required) - Enables or disables the configuration.
  • addSubscriberHeader - (boolean, optional) - Enables or disables adding the subscriber IMSI as an HTTP header in the forwarded request.
  • addSimIdHeader - (boolean, optional) - Enables or disables adding the SIM ID as an HTTP header in the forwarded request.
  • addMsisdnHeader - (boolean, optional) - Enables or disables adding the SIM MSISDN as an HTTP header in the forwarded request.
  • customHeaders (object, optional) - Defines custom headers behavior. Each custom header is defined using:
    • X-Header-Name (string, required) - Name of the custom header.
      • action (string, required) - Defines the header behavior using one of the following values:
        • append - Appends the defined header to the HTTP request.
        • replace - Replaces any existing header with the defined header value.
        • delete - Deletes the header from the HTTP request.
      • headerKey (string, required) - The header name.
      • headerValue (string, required) - The header value.
  • addSignature (boolean, required) - Enables or disables adding a signature header for subscriber verification
  • psk.$credentialsId (string, optional) - The ID assigned to the pre-shared key credential set. Used for signing when addSignature is set as true. This ID is set when the credential is registered in the Credentials Store.
  • addAuthorizationHeader (object, optional) - Defines authorization header behavior. Each authorization header is defined using:
    • enabled (boolean, required) - Enables or disables adding a authorization header.
    • type (string, required) - Defines the authorization header type using one of the following values:
      • bearer_jwt - Add an Authorization: Bearer {token} header to use the Bearer scheme defined in RFC 6750. In {token}, a JSON Web Token (JWT) issued using "Google Service Account (JSON)" credential set or "Private Key (PEM)" credential set will be inserted.
      • aws_sig_v4 - Add AWS Signature Version 4. AWS Signature version 4 is generated using "AWS credentials" credential set or "AWS IAM Role credentials" credential set.
      • bearer - Add an Authorization: Bearer {token} header to use the Bearer scheme defined in RFC 6750. In {token}, "API Token credentials" or "Pre-Shared Key" credential set will be inserted.
      • basic - Add an Authorization: Basic {credentials} header to use Basic authentication as defined in RFC 7617. In {credentials}, a Base64 string generated from the user name and password set in "Username password credentials" credential set is inserted.
    • config (object, required) - The settings for the authorization header based on the type.
      • If the type is bearer_jwt:
        • jwtClaims (object, required) - The information used to generate the JSON web token. For example:

          {
          "iss": "soracom-beam@long-stack-371107.iam.gserviceaccount.com",
          "sub": "soracom-beam@long-stack-371107.iam.gserviceaccount.com",
          "aud": "https://pubsub.googleapis.com/google.pubsub.v1.Publisher"
          }

          iat and exp are automatically generated when a device accesses Beam.

        • credentials.$credentialsId (string, required) - The credential ID of the Google Service Account (JSON) or private key (PEM) registered in the Credentials Store.
        • algorithm (string, required) - Used to specify the signature algorithm. Valid choices are RS256, ES256, RS512, or ES512.
      • If the type is aws_sig_v4:
        • service (string, required) - Choose lambda, sagemaker, geo, or s3.
        • region (string, required) - Specify your AWS resource region. For example: ap-northeast-1.
        • unsignedPayload (boolean, required) - Set as true if you might upload files larger than 1 MiB to AWS S3.
        • credentials.$credentialsId (string, required) - The credential ID of the AWS IAM role credential registered in the Credentials Store.
      • If the type is bearer:
        • credentials.$credentialsId (string, required) - The credential ID of the API token credential or pre-shared key credential registered in the Credentials Store.
      • If the type is basic:
        • credentials.$credentialsId (string, required) - The credential ID of the username/password credential registered in the Credentials Store.

Sample

[
  {
    "key": "http://beam.soracom.io:18080",
    "value": {
      "name": "test",
      "destination": "https://beamtest.soracom.io",
      "enabled": true,
      "addSubscriberHeader": true,
      "addSimIdHeader": true,
      "addMsisdnHeader": true,
      "customHeaders": {
        "X-GROUP-NAME": {
          "action": "replace",
          "headerKey": "X-GROUP-NAME",
          "headerValue": "TEST"
        }
      },
      "addSignature": true,
      "psk": {
        "$credentialsId": "CredentialsID"
      },
      "addAuthorizationHeader": {
        "enabled": false
      }
    }
  }
]