Thank you for being an iotQi user.  This guide will describe how iotQi account information is organized and how you can configure your account, subscriptions, and devices to best meet your planned use. 


Registration

When you registered or signed up to use iotQi, you supplied a username in the form of an email address and a password, with this information the iotQi Setup application created your user account and also created a basic organization structure for you: an Account and an initial Subscription.  The structure for your new iotQi account follows the outline shown below…

Throughout iotQi documentation the term account to mean the container for all of your iotQi settings such as subscriptions, payment accounts, and devices.  We use the term user account to mean your user profile that includes your first & last names and your email. 


Accounts

Within iotQi, Accounts refer to top-level organizations, which could be just yourself. Users refer to the data representing an individual’s login credentials.  Accounts (organizations) primarily act as a resource container for users and billing records that can be assigned to one or more Subscriptions.  The flow starts with the setup of resources in an iotQi account, these resources are in turn “assigned” to one or multiple subscriptions. 


Users in the Account

Users in iotQi are first added to the account; we call these “users”.  The first user added to an account is also the account owner.  So, when you register for an account, you are automatically setup as the account owner.   The account owner is responsible for adding other users to the account through user invitation.  The account owner is also responsible for adding payment accounts, adding additional subscriptions and assigning users to subscriptions as subscription operators. There is only one account owner per account.  In the future, you can designate a different user as the account owner if desired.  


Subscriptions

Each organization in iotQi has one or more Subscriptions as outlined above.  Subscriptions are where you tailor iotQi to serve the needs of your projects and organization.  Subscriptions contain devices and users.  The most important characteristic of subscriptions is that they define access permissions to your IoT devices. 


Subscription Operators

An account “user” is added to one or more subscriptions, within a subscription these are “subscription operators”. Each subscription operator is assigned to one of three roles: Owner, Command, Data Access.  The operator’s assigned role controls their access to both the subscription itself and the devices contained within the subscription.  A subscription operator with the Owner role can perform any action on the subscription including deleting the subscription.  Subscriptions can have multiple operators in the Owner role (this is different from the account owner), one is designated as the Primary Contact for subscription notifications.  If there are multiple subscription users in the Owner role, they have equal permissions and can in-fact delete or demote each other.


Subscription users with the roles of Command or Data Access can view subscription settings but have no access to change the subscription itself.  These roles are used to determine what device actions are available to the subscription user.


Subscription Roles Summary

Role
Subscription Permissions
Device Permissions
Owner
Full Access

Can edit and delete all child objects and can change subscription properties.
Can add, change, or delete devices.

Can send commands to devices.

Can view device data (telemetry, notifications).
Command
 Can view subscription properties. 
Can send commands to devices.

Can view device data (telemetry, notifications).
Data Access
 Can view subscription properties. 

Can view device data (telemetry, notifications).


The subscription role determines what actions a user can perform regarding a IoT device and also its data.


Within a subscription, an operator has the same level of access to all devices within the subscription.  This level of access is based solely on their role.  To provide different access to two devices for two different operators, you will need to setup two subscriptions to separate the devices and users. 


API Keys

API Keys offer an alternative approach to username and passwords when using the RESTful iotQi Web API.  With the API Keys approach, the key name is used instead of the username and the key value is used instead of a password, as the authentication for the Web API.  This allows the user’s password to not be shared with scripts or other individuals when interacting with iotQi devices.Using API Keys is entirely optional.  The iotQi Web API will accept either operator or key based credentials.  API Key credentials have the same security profile as an operator with the Command role.


Subscription Plans

You pick the type of subscription you need for your application.  Starting at the most inexpensive plan the "Maker" and go up from there.  Each plan supports a number of devices and a monthly total volume of data.


When you sign up for a free trial, the Implementer plan limits are applied to you subscription.


Payment Accounts

Trial accounts do not require a payment account.  At the end of the trial period, you will need to setup payment to continue to use iotQi.