Cloud Protocol Reference
Introduction
This page provides the complete protocol reference for the AosEdge Unit-Cloud communication protocol version 7. The protocol defines how Units exchange structured JSON messages with the AosCloud backend over a persistent WebSocket connection secured by mTLS.
The protocol is defined in code rather than a standalone specification document. The authoritative source is the Python
Pydantic models at cloud-common/cloud_common/protocols/unit/v7/ (cloud side) and the C++ serialization code at
aos_core_cpp/src/common/cloudprotocol/ (Unit side). This reference documents the protocol as implemented in those
sources.
Protocol Overview
| Property | Value |
|---|---|
| Protocol version | 7 |
| Transport | WebSocket (binary frames) |
| Serialization | JSON |
| Endpoint | /ws/v7/ |
| Authentication | Mutual TLS (mTLS) with online certificate |
| Service discovery | HTTP POST to /sd/v7/ |
Message Envelope
Every message exchanged over the WebSocket uses a two-part envelope structure: a header and a data payload.
{
"header": {
"version": 7,
"systemId": "unit-abc-123",
"createdAt": "2025-01-15T10:30:00Z",
"txn": "550e8400-e29b-41d4-a716-446655440000"
},
"data": {
"messageType": "unitStatus",
...
}
}
Header Fields
| Field | Type | Required | Description |
|---|---|---|---|
version | integer | Yes | Protocol version. Always 7 for this protocol version. |
systemId | string | Yes | Unique identifier of the Unit sending or receiving the message. |
createdAt | string (ISO 8601) | Yes | Timestamp when the message was created. |
txn | string (UUID) | Yes | Transaction ID used for acknowledgment correlation and tracing. |
Data Payload
The data object contains the message body. The messageType field acts as a discriminator that determines the schema
of the remaining fields. An optional correlationId field links request/response pairs.
| Field | Type | Required | Description |
|---|---|---|---|
messageType | string | Yes | Discriminator identifying the message type. |
correlationId | string | No | Links a response to its originating request. |
Acknowledgment Protocol
Every message sent over the WebSocket must be acknowledged by the receiver:
ack— confirms the message was received and accepted for processingnack— indicates the message could not be processed; includes aretryAfterhint
ack
Direction: Both (Unit→Cloud and Cloud→Unit)
{
"messageType": "ack",
"correlationId": "<txn of acknowledged message>"
}
nack
Direction: Cloud → Unit
{
"messageType": "nack",
"correlationId": "<txn of rejected message>",
"retryAfter": 500
}
| Field | Type | Description |
|---|---|---|
retryAfter | integer | Suggested retry delay in milliseconds. Default: 500. |
The CM implementation retries unacknowledged messages up to 3 times. If no acknowledgment is received within the timeout period, the connection is considered broken and reconnection is initiated.
Common Data Structures
Several data structures are shared across multiple message types.
AosIdentity
A flexible identifier used for nodes, items, subjects, and other objects throughout the protocol.
| Field | Type | Required | Description |
|---|---|---|---|
id | string (UUID) | No | Unique UUID identifier. |
type | string | No | Object type (e.g., AosService, AosComponent). |
codename | string | No | Human-readable codename. |
title | string | No | Display title. |
description | string | No | Description text. |
urn | string | No | Globally unique URN. |
ErrorInfo
Error details attached to status reports when an operation fails.
| Field | Type | Required | Description |
|---|---|---|---|
code | integer | Yes | Error code. |
message | string | Yes | Human-readable error description. |
Desired Status (Cloud → Unit)
The desiredStatus message is the primary control message from cloud to Unit. It declares the target state — which
Deployable Items should be installed, which service instances should be running, and the desired node states.
Message type: desiredStatus
{
"messageType": "desiredStatus",
"nodes": [...],
"unitConfig": {...},
"items": [...],
"instances": [...],
"subjects": [...],
"certificates": [...],
"certificateChains": [...]
}
Top-Level Fields
| Field | Type | Required | Description |
|---|---|---|---|
nodes | array of NodeDesiredState | No | Desired state for each node (provisioned or paused). |
unitConfig | UnitConfig | No | Unit configuration to apply. |
items | array of DesiredUpdateItemInfo | No | Deployable Items that should be installed. |
instances | array of DesiredInstanceInfo | No | Service instances that should be running. |
subjects | array of AosSubject | No | Subject definitions used for access control. |
certificates | array of CertificateInfo | No | Certificates for Verification of Deployable Items. |
certificateChains | array of CertificateChainInfo | No | Certificate chains for signature Verification. |
NodeDesiredState
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Node identifier. |
state | string | Desired state: provisioned or paused. |
DesiredUpdateItemInfo
Describes a Deployable Item that should be present on the Unit.
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
version | string (SemVer) | Target version. |
owner | AosIdentity | Owner identity (OEM or service provider). |
indexDigest | string | Digest of the OCI index.json for the item. |
DesiredInstanceInfo
Describes a service instance that should be running.
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
subject | AosIdentity | Subject (tenant) for the instance. |
priority | integer (0–999999) | Scheduling priority. Default: 0. |
numInstances | integer (≥0) | Number of instances to run. Default: 1. |
labels | array of string | Optional labels for placement constraints. |
UnitConfig
Delivered as part of desiredStatus to configure node-level parameters.
| Field | Type | Description |
|---|---|---|
version | string | Configuration version (auto-incremented). |
formatVersion | string | Format version of the configuration structure. |
nodes | array of NodeConfig | Per-node configuration entries. |
NodeConfig
| Field | Type | Description |
|---|---|---|
nodeGroupSubject | AosIdentity | Node group subject (identifies the node type). |
node | AosIdentity | Optional specific node identifier. |
alertRules | AlertRules | Threshold rules for CPU, RAM, disk, and network alerts. |
resourceRatios | ResourceRatiosInfo | Default resource allocation ratios (cpu, ram, storage, state as percentages). |
labels | array of string | Labels for this node. |
priority | integer (≥0) | Node priority for service placement. |
Unit Status (Unit → Cloud)
The unitStatus message reports the current state of the Unit — its nodes, installed Deployable Items, running
instances, and configuration status.
Message type: unitStatus
{
"messageType": "unitStatus",
"isDeltaInfo": false,
"unitConfig": [...],
"nodes": [...],
"items": [...],
"instances": [...],
"subjects": [...]
}
Top-Level Fields
| Field | Type | Required | Description |
|---|---|---|---|
isDeltaInfo | boolean | No | If true, this is a delta update (only changed fields). If false or absent, this is a full status report. |
unitConfig | array of UnitConfigStatus | No | Status of the installed unit configuration. |
nodes | array of UnitNodeInfo | No | Information about all nodes attached to the Unit. |
items | array of UpdateItemInfo | No | Status of installed Deployable Items. |
instances | array of InstancesInfo | No | Status of running service instances. |
subjects | array of AosIdentity | No | Active subjects on the Unit. |
UnitConfigStatus
| Field | Type | Description |
|---|---|---|
version | string | Installed configuration version. |
state | string | State: absent, installed, or failed. |
errorInfo | ErrorInfo | Error details if state is failed. |
UnitNodeInfo
Reports comprehensive information about a node attached to the Unit.
| Field | Type | Description |
|---|---|---|
identity | AosIdentity | Node identifier. |
nodeGroupSubject | AosIdentity | Node group subject (node type). |
maxDmips | integer | Maximum DMIPS capacity. |
physicalRam | integer | Physical RAM in bytes. |
totalRam | integer | Total RAM (physical + swap) in bytes. |
osInfo | OsInfo | Operating system information (os, version, features). |
cpus | array of NodeCPUInfo | CPU details (model, cores, threads, architecture). |
attrs | object | Key-value attributes (e.g., dynamic, cloud_connection). |
partitions | array of NodePartitionInfo | Disk partition information (name, types, totalSize). |
runtimes | array of RuntimeInfo | Supported container runtimes. |
resources | array of ResourceInfo | Available shared resources. |
isConnected | boolean | Whether the node is connected to the main node. |
state | string | Node state: unprovisioned, provisioned, error, or paused. |
errorInfo | ErrorInfo | Error details if state is error. |
UpdateItemInfo
Reports the status of an installed Deployable Item.
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
version | string (SemVer) | Installed version. |
state | string | Item state (see below). |
errorInfo | ErrorInfo | Error details if state is failed. |
Deployable Item states: unknown, downloading, pending, installing, installed, removing, removed,
failed
InstancesInfo
Reports the status of running service instances for a specific Deployable Item.
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
subject | AosIdentity | Subject (tenant) identifier. |
version | string (SemVer) | Item version. |
instances | array of InstanceInfo | Per-instance status. |
InstanceInfo
| Field | Type | Description |
|---|---|---|
node | AosIdentity | Node where the instance runs. |
runtime | AosIdentity | Runtime used for the instance. |
instance | integer | Instance number (starting from 0). |
stateChecksum | string (Base64) | SHA-256 checksum of the instance state. |
state | string | Instance state: activating, active, inactive, or failed. |
errorInfo | ErrorInfo | Error details if state is failed. |
Alerts (Unit → Cloud)
The alerts message carries a batch of alert items from the Unit to the cloud. Alerts are discriminated by a tag
field.
Message type: alerts
{
"messageType": "alerts",
"items": [
{ "tag": "systemAlert", ... },
{ "tag": "coreAlert", ... }
]
}
Alert Types
| Tag | Description |
|---|---|
systemAlert | System-level error on a node. |
coreAlert | Error in an AosCore component (CM, SM, IAM, MP). |
deviceAllocateAlert | Resource allocation failure for a service instance. |
systemQuotaAlert | System resource threshold exceeded on a node. |
instanceQuotaAlert | Service instance resource threshold exceeded. |
downloadProgressAlert | Download progress or failure notification. |
updateItemInstanceAlert | Service instance lifecycle event. |
systemAlert
| Field | Type | Description |
|---|---|---|
tag | "systemAlert" | Alert type discriminator. |
timestamp | string (ISO 8601) | When the alert was triggered. |
node | AosIdentity | Node where the alert occurred. |
message | string | Error description. |
coreAlert
| Field | Type | Description |
|---|---|---|
tag | "coreAlert" | Alert type discriminator. |
timestamp | string (ISO 8601) | When the alert was triggered. |
node | AosIdentity | Node where the alert occurred. |
coreComponent | string | Component ID (e.g., cm, sm, iam). |
message | string | Error description. |
systemQuotaAlert
| Field | Type | Description |
|---|---|---|
tag | "systemQuotaAlert" | Alert type discriminator. |
timestamp | string (ISO 8601) | When the alert was triggered. |
node | AosIdentity | Node where the threshold was exceeded. |
parameter | string | Resource parameter name (e.g., cpu, ram). |
value | integer | Triggered value of the parameter. |
instanceQuotaAlert
| Field | Type | Description |
|---|---|---|
tag | "instanceQuotaAlert" | Alert type discriminator. |
timestamp | string (ISO 8601) | When the alert was triggered. |
item | AosIdentity | Deployable Item identifier. |
subject | AosIdentity | Subject identifier. |
instance | integer | Instance number. |
parameter | string | Resource parameter name. |
value | integer | Triggered value. |
downloadProgressAlert
| Field | Type | Description |
|---|---|---|
tag | "downloadProgressAlert" | Alert type discriminator. |
timestamp | string (ISO 8601) | When the alert was triggered. |
digest | string | Blob digest (OCI format, e.g., sha256:3c3a...). |
url | string | Download URL (optional). |
downloadedBytes | integer | Bytes downloaded so far. |
totalBytes | integer | Total file size in bytes. |
state | string | Download state: started, paused, interrupted, or finished. |
reason | string | Reason for the current state (optional). |
errorInfo | ErrorInfo | Error details if download failed. |
deviceAllocateAlert
| Field | Type | Description |
|---|---|---|
tag | "deviceAllocateAlert" | Alert type discriminator. |
timestamp | string (ISO 8601) | When the alert was triggered. |
item | AosIdentity | Deployable Item identifier. |
subject | AosIdentity | Subject identifier. |
instance | integer | Instance number. |
node | AosIdentity | Node where allocation failed. |
deviceId | string | Resource name that could not be allocated. |
message | string | Error description. |
updateItemInstanceAlert
| Field | Type | Description |
|---|---|---|
tag | "updateItemInstanceAlert" | Alert type discriminator. |
timestamp | string (ISO 8601) | When the alert was triggered. |
item | AosIdentity | Deployable Item identifier. |
subjectId | AosIdentity | Subject identifier. |
instance | integer | Instance number. |
version | string (SemVer) | Item version. |
message | string | Alert description. |
Monitoring Data (Unit → Cloud)
The monitoringData message sends resource usage metrics from the Unit to the cloud, covering both node-level and
per-instance metrics.
Message type: monitoringData
{
"messageType": "monitoringData",
"nodes": [...],
"instances": [...]
}
Top-Level Fields
| Field | Type | Required | Description |
|---|---|---|---|
nodes | array of NodeMonitoringData | Yes | Per-node resource usage data. |
instances | array of InstanceMonitoringData | No | Per-instance resource usage data. |
NodeMonitoringData
| Field | Type | Description |
|---|---|---|
node | AosIdentity | Node identifier. |
nodeStates | array of NodeState | Node state change history. |
items | array of MonitoringData | Time-series resource usage records. |
InstanceMonitoringData
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
subject | AosIdentity | Subject identifier. |
instance | integer | Instance number. |
node | AosIdentity | Node where the instance runs. |
itemStates | array of InstanceStateData | Instance state change history. |
items | array of MonitoringData | Time-series resource usage records. |
MonitoringData
A single resource usage sample.
| Field | Type | Description |
|---|---|---|
timestamp | string (ISO 8601) | When the sample was recorded. |
ram | integer | RAM usage in bytes. |
cpu | integer | CPU usage (implementation-defined units). |
download | integer | Inbound network traffic in bytes. |
upload | integer | Outbound network traffic in bytes. |
partitions | array of PartitionUsage | Disk partition usage. |
PartitionUsage
| Field | Type | Description |
|---|---|---|
name | string | Partition name. |
usedSize | integer | Used space in bytes. |
Log Messages
The protocol supports on-demand log retrieval. The cloud requests logs from the Unit, and the Unit responds with log content in parts.
requestLog (Cloud → Unit)
Requests logs from the Unit with filtering options.
Message type: requestLog
| Field | Type | Description |
|---|---|---|
logType | string | Type of log: systemLog, instanceLog, or crashLog. |
filter | LogFilter | Filter criteria for the log request. |
uploadOptions | UploadOptions | How the Unit should deliver the logs. |
LogFilter
| Field | Type | Description |
|---|---|---|
from | string (ISO 8601) | Start timestamp (inclusive). |
till | string (ISO 8601) | End timestamp (exclusive). |
nodeIds | array of AosIdentity | Nodes to collect logs from (all if omitted). |
item | AosIdentity | Filter by Deployable Item (optional). |
subject | AosIdentity | Filter by subject (optional). |
instance | integer | Filter by instance number (optional). |
UploadOptions
| Field | Type | Description |
|---|---|---|
type | string | Upload channel: wss (WebSocket) or https. |
url | string | Base URL for upload (optional). |
bearerToken | string | Authorization token (optional). |
bearerTokenTtl | string (ISO 8601) | Token expiration time (optional). |
pushLog (Unit → Cloud)
Delivers log content in response to a requestLog. Large logs are split into multiple parts.
Message type: pushLog
| Field | Type | Description |
|---|---|---|
correlationId | string | Links this response to the original requestLog. |
node | AosIdentity | Node that produced the logs. |
part | integer | Current part number (starting from 0). |
partsCount | integer | Total number of parts. |
content | string (Base64) | Log content for this part. |
status | string | Log status: ok, failed, error, empty, or absent. |
errorInfo | ErrorInfo | Error details if status indicates failure. |
Certificate Lifecycle Messages
The protocol includes messages for managing the Unit's certificate lifecycle — renewal notifications, certificate signing requests, and installation confirmations.
renewCertificatesNotification (Cloud → Unit)
Cloud notifies the Unit that certificates need renewal and provides unit secrets for secure operations.
Message type: renewCertificatesNotification
| Field | Type | Description |
|---|---|---|
certificates | array of CertificateIdentification | Certificates that need renewal (type, node, serial, validTill). |
unitSecrets | UnitSecretsData | Secrets for secure Unit operations. |
CertificateIdentification
| Field | Type | Description |
|---|---|---|
type | string | Certificate type: offline, online, um, sm, cm, iam, host-device, remote-device, or azure-iot. |
node | AosIdentity | Node identity. |
serial | string | Certificate serial number. |
validTill | string (ISO 8601) | Certificate expiration time. |
issueUnitCertificates (Unit → Cloud)
Unit requests new certificates by sending Certificate Signing Requests (CSRs).
Message type: issueUnitCertificates
| Field | Type | Description |
|---|---|---|
requests | array of IssueCertData | CSR requests. |
IssueCertData
| Field | Type | Description |
|---|---|---|
type | string | Certificate type (same values as CertificateIdentification). |
node | AosIdentity | Node identity. |
csr | string (PEM) | Certificate Signing Request in PEM format. |
issuedUnitCertificates (Cloud → Unit)
Cloud delivers newly issued certificates.
Message type: issuedUnitCertificates
| Field | Type | Description |
|---|---|---|
certificates | array of IssuedUnitCerts | Issued certificate data. |
IssuedUnitCerts
| Field | Type | Description |
|---|---|---|
type | string | Certificate type. |
node | AosIdentity | Node identity. |
certificateChain | string (PEM) | Full certificate chain. |
installUnitCertificatesConfirmation (Unit → Cloud)
Unit confirms that certificates have been installed (or reports failure).
Message type: installUnitCertificatesConfirmation
| Field | Type | Description |
|---|---|---|
certificates | array of InstallCertData | Installation results. |
InstallCertData
| Field | Type | Description |
|---|---|---|
type | string | Certificate type. |
node | AosIdentity | Node identity. |
serial | string | Installed certificate serial number. |
errorInfo | ErrorInfo | Error details if installation failed. |
Service State Messages
The protocol supports bidirectional service state synchronization between the Unit and cloud.
newState (Unit → Cloud)
Unit reports a new service state (e.g., after a service writes updated state data).
Message type: newState
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
subject | AosIdentity | Subject identifier. |
instance | integer | Instance number. |
stateChecksum | string | SHA-256 digest over the state content. |
state | string | The state content (application-defined format). |
updateState (Cloud → Unit)
Cloud sends updated state to the Unit (e.g., restoring state after redeployment).
Message type: updateState
Same schema as newState — contains item, subject, instance, stateChecksum, and state fields.
stateRequest (Unit → Cloud)
Unit requests its current or default state from the cloud.
Message type: stateRequest
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
subject | AosIdentity | Subject identifier. |
instance | integer | Instance number. |
default | boolean | If true, request the initial (default) state. If false, request the latest state. |
stateAcceptance (Cloud → Unit)
Cloud accepts or rejects a state update previously sent via newState.
Message type: stateAcceptance
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
subject | AosIdentity | Subject identifier. |
instance | integer | Instance number. |
checksum | string | State checksum being accepted/rejected. |
result | string | Result: accepted or rejected. |
reason | string | Reason for the decision. |
Blob URL Messages
For large binary objects (Deployable Item images), the Unit requests download URLs from the cloud rather than receiving the data inline.
requestBlobUrls (Unit → Cloud)
Unit requests download URLs for specific blobs identified by their OCI digest.
Message type: requestBlobUrls
| Field | Type | Description |
|---|---|---|
digests | array of string | OCI-format digests (e.g., sha256:3c3a4604...). |
blobUrls (Cloud → Unit)
Cloud provides download URLs and Verification information for requested blobs.
Message type: blobUrls
| Field | Type | Description |
|---|---|---|
items | array of UpdateItemBlobInfo | Blob download information. |
UpdateItemBlobInfo
| Field | Type | Description |
|---|---|---|
digest | string | OCI-format blob digest. |
urls | array of string | Download URLs (multiple for redundancy). |
sha256 | string (Base64) | SHA-256 hash of the blob content. |
size | integer | File size in bytes. |
decryptInfo | DecryptInfo | Decryption parameters for the blob. |
signInfo | SignInfo | Signature Verification data. |
DecryptInfo
| Field | Type | Description |
|---|---|---|
blockAlg | string | Block cipher: AES256/CBC/pkcs7 or AES256/GCM/. |
blockIv | string (Base64) | Initialization vector. |
blockKey | string (Base64) | Symmetric encryption key. |
SignInfo
| Field | Type | Description |
|---|---|---|
chainName | string | Certificate chain name for Verification. |
alg | string | Signing algorithm: RSA/SHA256 or EC/SHA256. |
value | string (Base64) | Signature value. |
trustedTimestamp | string (ISO 8601) | Signature timestamp. |
ocspValues | array of string | OCSP response values. |
Environment Variable Override Messages
The cloud can override environment variables for running service instances.
overrideEnvVars (Cloud → Unit)
Cloud sends environment variable overrides to apply to service instances.
Message type: overrideEnvVars
| Field | Type | Description |
|---|---|---|
items | array of EnvVarFilter | Filters and variables to apply. |
EnvVarFilter
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Target Deployable Item (optional — applies to all if omitted). |
subject | AosIdentity | Target subject (optional). |
instance | integer | Target instance number (optional). |
variables | array of EnvVar | Environment variables to set. |
EnvVar
| Field | Type | Description |
|---|---|---|
name | string | Variable name (1–256 characters). |
value | string | Variable value (0–10240 characters). |
ttl | string (ISO 8601) | Time-to-live for the variable (optional; empty means permanent). |
overrideEnvVarsStatus (Unit → Cloud)
Unit reports the result of applying environment variable overrides.
Message type: overrideEnvVarsStatus
| Field | Type | Description |
|---|---|---|
statuses | array of EnvVarInstanceStatus | Per-instance override results. |
EnvVarInstanceStatus
| Field | Type | Description |
|---|---|---|
item | AosIdentity | Deployable Item identifier. |
subjectId | AosIdentity | Subject identifier. |
instance | integer | Instance number. |
name | string | Variable name. |
errorInfo | ErrorInfo | Error details if override failed. |
Provisioning Messages
The protocol supports remote provisioning and deprovisioning of nodes through a request/response pattern.
startProvisioningRequest (Cloud → Unit)
Cloud initiates provisioning of a node.
Message type: startProvisioningRequest
| Field | Type | Description |
|---|---|---|
node | AosIdentity | Node to provision. |
password | string | TPM security officer password. |
startProvisioningResponse (Unit → Cloud)
Unit responds with CSRs for the node's certificates.
Message type: startProvisioningResponse
| Field | Type | Description |
|---|---|---|
node | AosIdentity | Node being provisioned. |
errorInfo | ErrorInfo | Error details if provisioning start failed. |
csrs | array of CSR | Certificate Signing Requests (type + PEM CSR). |
finishProvisioningRequest (Cloud → Unit)
Cloud completes provisioning by delivering signed certificates.
Message type: finishProvisioningRequest
| Field | Type | Description |
|---|---|---|
node | AosIdentity | Node being provisioned. |
certificates | array of IssuedCertificate | Signed certificates (type + chain). |
password | string | TPM security officer password. |
finishProvisioningResponse (Unit → Cloud)
Unit confirms provisioning completion.
Message type: finishProvisioningResponse
| Field | Type | Description |
|---|---|---|
node | AosIdentity | Node that was provisioned. |
errorInfo | ErrorInfo | Error details if provisioning failed. |
deprovisioningRequest (Cloud → Unit)
Cloud initiates deprovisioning of a node.
Message type: deprovisioningRequest
| Field | Type | Description |
|---|---|---|
node | AosIdentity | Node to deprovision. |
password | string | TPM security officer password. |
deprovisioningResponse (Unit → Cloud)
Unit confirms deprovisioning completion.
Message type: deprovisioningResponse
| Field | Type | Description |
|---|---|---|
node | AosIdentity | Node that was deprovisioned. |
errorInfo | ErrorInfo | Error details if deprovisioning failed. |
Service Discovery Protocol
Before establishing the WebSocket connection, the Unit must discover the cloud endpoint through a lightweight HTTP-based service discovery mechanism.
Discovery Request
The Unit sends an HTTP POST to /sd/v7/ with:
{
"version": 7,
"systemId": "unit-abc-123",
"supportedProtocols": ["ws/v7"]
}
| Field | Type | Description |
|---|---|---|
version | integer | Protocol version (7). |
systemId | string | Unit system identifier. |
supportedProtocols | array of string | Protocols the Unit supports. |
Discovery Response
The cloud responds with connection information:
{
"version": 7,
"systemId": "unit-abc-123",
"nextRequestDelay": 3600,
"connectionInfo": ["wss://cloud.example.com/ws/v7/"],
"authToken": "<optional-token>",
"errorCode": "NoError"
}
| Field | Type | Description |
|---|---|---|
version | integer | Protocol version. |
systemId | string | Confirmed Unit system ID. |
nextRequestDelay | integer | Seconds before the Unit should re-discover. |
connectionInfo | array of string | WebSocket URLs to connect to. |
authToken | string | Optional authentication token. |
errorCode | string | Status: NoError, Redirect, RepeatLater, or Error. |
The Unit caches the discovered URL and reuses it across reconnections. A new discovery is triggered after repeated
connection failures or when nextRequestDelay expires.
Protocol Behavior Summary
Message Flow Patterns
| Pattern | Messages | Description |
|---|---|---|
| Status reporting | unitStatus → ack | Unit periodically reports its full or delta status. |
| Desired state | desiredStatus → ack | Cloud pushes target state; Unit acknowledges and begins reconciliation. |
| Blob download | requestBlobUrls → blobUrls | Unit requests download URLs for large binaries. |
| Log retrieval | requestLog → pushLog (×N) | Cloud requests logs; Unit responds in parts. |
| Certificate renewal | renewCertificatesNotification → issueUnitCertificates → issuedUnitCertificates → installUnitCertificatesConfirmation | Full certificate renewal cycle. |
| Provisioning | startProvisioningRequest → startProvisioningResponse → finishProvisioningRequest → finishProvisioningResponse | Node provisioning handshake. |
| State sync | newState → stateAcceptance | Unit uploads state; cloud accepts or rejects. |
Connection Lifecycle
- Service discovery — HTTP POST to
/sd/v7/returns WebSocket URL - WebSocket connect — mTLS handshake to
/ws/v7/ - Initial status — Unit sends full
unitStatus(isDeltaInfo: false) - Steady state — bidirectional message exchange with ack/nack
- Reconnection — on connection loss, exponential backoff from 1 second to 10 minutes, up to 5 retries per attempt
Related Pages
- Cloud Communication Overview — high-level architecture of the Unit-Cloud communication channel
- Connection Management — reconnection logic, keepalive, and error handling
- Communication Manager — the CM component that implements this protocol on the Unit side
- Security Model — certificate architecture and mTLS infrastructure
- Service Lifecycle — how desired-state messages drive service deployment
- Monitoring — monitoring pipeline that produces
monitoringDatamessages