Soracom Beam
Website Entry Point
This entry point behaves similarly to the HTTP entry point, accepting HTTP requests from an Air for Cellular device and forwarding the request to the forwarding destination via HTTP or HTTPS. Unlike the HTTP entry point, this entry point will automatically map any URI path from the original HTTP request to the forwarding destination. For example, an HTTP request sent to http://beam.soracom.io:18080/my/custom/path will be forwarded to https://myserver.example.com/my/custom/path without the need of defining the URI path within Beam.
Configuration
Entry Point
Your device should be configured to send data to: http://beam.soracom.io:18080 or http://beam.soracom.io.
Parameters
- Configuration name (string, required) - A string to identify this configuration.
- Destination - The forwarding destination.
- Protocol (
HTTPorHTTPS, required) - The protocol to use for forwarding HTTP requests. - Host name (string, required) - The FQDN of the forwarding destination.
- Port number (number, required) - The port number of the forwarding destination.
- Protocol (
- Client Certificate - The SSL/TLS client authentication configuration.
- Use client cert - Enables the use of a client certificate for authentication.
- Credentials set - The client certificate stored in Credential Sets to use for authentication.
- Header manipulations - Operations to perform on the HTTP request headers.
- IMSI header - Adds
X-Soracom-IMSI: {IMSI}to the HTTP request header. - SIM ID header - Adds
X-Soracom-SIM-ID: {SIM_ID}to the HTTP request header. - MSISDN header - Adds
X-Soracom-MSISDN: {MSISDN}to the HTTP request header. - IMEI header - Adds
X-Soracom-IMEI: {IMEI}to the HTTP request header. - Signature header - Adds
X-Soracom-Signature: {Signature}to the HTTP request header. This option requires IMSI header or IMEI header to be enabled in order to generate the signature. - Pre-Shared Key - The key to use when generating the Signature header.
- Custom headers - Additional options for adding, modifying, or removing headers from HTTP requests before they are forwarded to the destination.
- Authorization header - Adds
Authorization: {Parameter}to the HTTP request header.
- IMSI header - Adds
For details on configuring and using header manipulations, refer to the Header Manipulation page.
Even if you want to use WebSocket connection, you should set the Destination Protocol as HTTP or HTTPS instead of WS or WSS.
Behavior
For the simple HTTP request, the Website entry point has the same behavior as the HTTP entry point. In addition, the Website entry point can forward WebSocket connection.
Advanced Configuration
The Website entry point can also be configured through the Soracom API or CLI by using the SoracomBeam namespace.
Configuration should be performed using http://beam.soracom.io:18080 as the configuration key value.
Parameters
- key (string, required) -
http://beam.soracom.io:18080 - value (object, required) - The configuration parameters.
- name (string, optional) - Name to identify this configuration.
- destination (string, required) - URL of the forwarding destination.
- enabled (boolean, required) - Enables or disables the configuration.
- useClientCert (boolean, optional) - Enables or disables the use of an SSL/TLS client certificate for authentication.
- clientCerts (object, optional) - The SSL/TLS client certificates to attach.
- $credentialsId (string, optional) - ID of the credential set with the appropriate client certificate.
- addSubscriberHeader - (boolean, optional) - Enables or disables adding the subscriber IMSI as an HTTP header in the forwarded request.
- addSimIdHeader - (boolean, optional) - Enables or disables adding the SIM ID as an HTTP header in the forwarded request.
- addMsisdnHeader - (boolean, optional) - Enables or disables adding the SIM MSISDN as an HTTP header in the forwarded request.
- customHeaders (object, optional) - Defines custom headers behavior. Each custom header is defined using:
X-Header-Name(string, required) - Name of the custom header.- action (string, required) - Defines the header behavior using one of the following values:
append- Appends the defined header to the HTTP request.replace- Replaces any existing header with the defined header value.delete- Deletes the header from the HTTP request.
- headerKey (string, required) - The header name.
- headerValue (string, required) - The header value.
- action (string, required) - Defines the header behavior using one of the following values:
- addSignature (boolean, required) - Enables or disables adding a signature header for subscriber verification
- psk.$credentialsId (string, optional) - The ID assigned to the pre-shared key credential set. Used for signing when
addSignatureis set astrue. This ID is set when the credential is registered in the Credentials Store. - addAuthorizationHeader (object, optional) - Defines authorization header behavior. Each authorization header is defined using:
- enabled (boolean, required) - Enables or disables adding a authorization header.
- type (string, required) - Defines the authorization header type using one of the following values:
bearer_jwt- Add anAuthorization: Bearer {token}header to use the Bearer scheme defined in RFC 6750. In{token}, a JSON Web Token (JWT) issued using "Google Service Account (JSON)" credential set or "Private Key (PEM)" credential set will be inserted.aws_sig_v4- Add AWS Signature Version 4. AWS Signature version 4 is generated using "AWS credentials" credential set or "AWS IAM Role credentials" credential set.bearer- Add anAuthorization: Bearer {token}header to use the Bearer scheme defined in RFC 6750. In{token}, "API Token credentials" or "Pre-Shared Key" credential set will be inserted.basic- Add anAuthorization: Basic {credentials}header to use Basic authentication as defined in RFC 7617. In{credentials}, a Base64 string generated from the user name and password set in "Username password credentials" credential set is inserted.
- config (object, required) - The settings for the authorization header based on the type.
- If the type is
bearer_jwt:- jwtClaims (object, required) - The information used to generate the JSON web token. For example:
{ "iss": "soracom-beam@long-stack-371107.iam.gserviceaccount.com", "sub": "soracom-beam@long-stack-371107.iam.gserviceaccount.com", "aud": "https://pubsub.googleapis.com/google.pubsub.v1.Publisher" }iatandexpare automatically generated when a device accesses Beam. - credentials.$credentialsId (string, required) - The credential ID of the Google Service Account (JSON) or private key (PEM) registered in the Credentials Store.
- algorithm (string, required) - Used to specify the signature algorithm. Valid choices are
RS256,ES256,RS512, orES512.
- jwtClaims (object, required) - The information used to generate the JSON web token. For example:
- If the type is
aws_sig_v4:- service (string, required) - Choose
lambda,sagemaker,geo, ors3. - region (string, required) - Specify your AWS resource region. For example:
ap-northeast-1. - unsignedPayload (boolean, required) - Set as
trueif you might upload files larger than 1 MiB to AWS S3. - credentials.$credentialsId (string, required) - The credential ID of the AWS IAM role credential registered in the Credentials Store.
- service (string, required) - Choose
- If the type is
bearer:- credentials.$credentialsId (string, required) - The credential ID of the API token credential or pre-shared key credential registered in the Credentials Store.
- If the type is
basic:- credentials.$credentialsId (string, required) - The credential ID of the username/password credential registered in the Credentials Store.
- If the type is
Sample
[
{
"key": "http://beam.soracom.io:18080",
"value": {
"name": "test",
"destination": "https://beamtest.soracom.io",
"enabled": true,
"addSubscriberHeader": true,
"addSimIdHeader": true,
"addMsisdnHeader": true,
"customHeaders": {
"X-GROUP-NAME": {
"action": "replace",
"headerKey": "X-GROUP-NAME",
"headerValue": "TEST"
}
},
"addSignature": true,
"psk": {
"$credentialsId": "CredentialsID"
},
"addAuthorizationHeader": {
"enabled": false
}
}
}
]