# Endpoints

The **Endpoints** tab in Platform Settings allows administrators to configure the core communication and provisioning endpoints that Nexus uses for device management, data ingestion, and device provisioning.

These settings are essential for enabling scalable, global environments where multiple regions, sites, and ingestion pipelines must be supported consistently. Endpoints defined here act as the backbone for how devices connect, send data, and are provisioned into Nexus.

These settings require the [Administrator Role](/platform-architecture/security-architecture/user-roles-and-permissions.md) to access and modify.

***

## Types of Endpoints

<figure><img src="/files/8ALKajxfE0tLsrURYX27" alt=""><figcaption><p>The Endpoints Tab of Platform Settings</p></figcaption></figure>

Administrators can create the following types of endpoints:

### Device Management Endpoints (IoT Hubs)

* A Device Management Endpoint corresponds to an **Azure IoT Hub**.
* IoT Hubs handle **device communication, control, and deployments**.
* Useful when operating across multiple regions - for example, creating:
  * An endpoint in Europe
  * An endpoint in the US
  * An endpoint in Asia
* Devices can then be associated with the IoT Hub closest to their location, improving performance and reducing latency.

***

### Ingestion Endpoints

* An Ingestion Endpoint corresponds to an **Azure Storage Account**.
* Ingestion endpoints handle all **data upload operations** from devices, including:
  * Time-series measurements
  * Processed analytics results
  * Files from FTP servers or network file shares
  * Device metrics and logs
* By creating multiple ingestion endpoints close to the devices or sites, administrators can optimize data upload performance and reliability.

***

### Device Provisioning Endpoints (DPS)

* A Device Provisioning Endpoint corresponds to an [**Azure IoT Hub Device Provisioning Service (DPS)**](https://learn.microsoft.com/en-us/azure/iot-dps/).
* DPS automates the process of provisioning devices to their correct IoT Hub (management endpoint).
* In most scenarios, **only one DPS endpoint is required**, as it can manage provisioning across multiple IoT Hubs.
* Devices are automatically assigned to the appropriate management hub based on defined allocation rules.

***

### Default Endpoints

Endpoints can be marked as **default**. Defaults play a key role in how Nexus operates:

* **Default Device Management Endpoint** → Used for [device configuration under *Settings*](/management-portal/management/device-configuration/settings.md) (if no other endpoint is specified).
* **Default Ingestion Endpoint** → Used by devices as the standard target for uploading telemetry, files, and logs and can be found in [device configuration under *Settings*](/management-portal/management/device-configuration/settings.md).
* **Default Device Provisioning Endpoint** → Used whenever new devices are provisioned into Nexus and can be found in [Provisioning](/management-portal/management/provisioning.md).

This ensures that all devices have a consistent fallback configuration while still allowing flexibility for site- or region-specific overrides.

***

## Typical Use Cases

* **Global Operations**: Configure IoT Hubs in multiple regions to reduce latency and align devices with their closest management endpoint.
* **Scalable Data Collection**: Add ingestion endpoints in regional storage accounts to ensure efficient, high-throughput upload of telemetry and logs.
* **Centralized Provisioning**: Use a single DPS instance to manage device provisioning across many IoT Hubs, simplifying operations while maintaining scalability.

***

## Adding Endpoints

Endpoints can be added to Nexus using the Add dropdown button in the top toolbar of the Endpoints Tab in Platform Settings. This requires the role of an Administrator.

<figure><img src="/files/MSBWP46Qt4uMgffplEQz" alt=""><figcaption><p>Adding a new Endpoint drop-down button</p></figcaption></figure>

### Adding a Device Management Endpoint (IoT Hub)

A **Device Management Endpoint** connects Nexus to an existing [**Azure IoT Hub**](https://learn.microsoft.com/en-us/azure/iot-hub/). These endpoints are used to manage devices, send configurations, and perform module deployments.

> ⚠️ **Important:** The administrator is responsible for creating the IoT Hub in Azure **before** it can be added as an endpoint in Nexus. Nexus does not provision IoT Hubs on your behalf.

#### Steps to Add a Device Management Endpoint

<figure><img src="/files/48qHU9IiWZWlNaDR1qcH" alt=""><figcaption><p>Add a Device Management Endpoint (IoT Hub) Window</p></figcaption></figure>

1. **Navigate to Platform Settings → Endpoints**
   * Click **+ Add** and select **Device Management Endpoint**.
2. **Fill in the required details**:
   * **Name**
     * Provide a descriptive name for the endpoint (e.g., `mgmt-us-west` or `iot-mgmt-europe`).
     * This helps identify the IoT Hub when operating in global environments with multiple endpoints.
   * **Type**
     * Always set to **Azure IoT Hub**.
   * **Location**
     * Specify the Azure region where the IoT Hub is deployed (e.g., `westeurope`, `westus`).
     * Using the correct location makes it easier to map devices to their closest hub for low-latency communication.
   * **IoT Hub Connection String**

     * Provide a connection string with **Registry Write** and **Service Connect** permissions.
     * These permissions are required by Nexus to:
       * Manage devices in the IoT Hub (create, update, delete device identities).
       * Establish module-to-cloud and cloud-to-module connections.

     Example:

     ```plaintext
     HostName=my-iothub.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=xxxxxxxx
     ```
3. **Save the Endpoint**
   * Once all fields are completed, click **Save** to register the endpoint with Nexus.

#### Best Practices

* **Use Regional Hubs**: Create IoT Hubs in regions close to your devices/sites to reduce latency and improve reliability.
* **Restrict Permissions**: Avoid using overly broad connection strings (e.g., `iothubowner`) in production. Instead, generate a custom policy with only `Registry Write` and `Service Connect` permissions.
* **Naming Convention**: Adopt a naming convention such as `mgmt-<region>` to make endpoints easy to identify (e.g., `mgmt-us-west`, `mgmt-eu-central`).

***

### Creating an Ingestion Endpoint

An **Ingestion Endpoint** allows devices to upload data (such as measurements, processed results, files from FTP servers, device metrics, and logs) into [**Azure Blob Storage**](https://learn.microsoft.com/en-us/azure/storage/blobs/). Nexus uses this storage account as the landing zone for device data before further processing or analysis.

> ⚠️ **Important:** The administrator must create the **Azure Storage Account** in Azure **before** adding it as an Ingestion Endpoint in Nexus.

#### Steps to Add an Ingestion Endpoint

<figure><img src="/files/7LQQiYEeOvmIezVXj4wt" alt=""><figcaption><p>Add Ingestion Endpoint window</p></figcaption></figure>

1. **Navigate to Platform Settings → Endpoints**
   * Click **+ Add** and select **Ingestion Endpoint**.
2. **Fill in the required details**:
   * **Name**
     * Provide a descriptive name for the endpoint (e.g., `ingestion-us`, `ingest-europe`).
   * **Type**
     * Always set to **Azure Blob Storage**.
   * **Location**
     * Enter the Azure datacenter region where the storage account is hosted (e.g., `westeurope`, `westus`).
   * **Storage Account Connection String**

     * Provide a connection string for the storage account with **Blob Read/Write permissions**.
     * This ensures Nexus can write incoming device data to the storage account and, if required, read back stored files.

     Example:

     ```plaintext
     DefaultEndpointsProtocol=https;AccountName=myingestionstore;AccountKey=xxxxxxxx;EndpointSuffix=core.windows.net
     ```
3. **Save the Endpoint**
   * Once all fields are completed, click **Save** to register the ingestion endpoint in Nexus.

#### Best Practices

* **Regional Ingestion**: Place ingestion endpoints close to devices to minimize upload latency (e.g., a storage account in `eastus` for U.S. devices, another in `westeurope` for European devices).
* **Security**: Limit permissions to only what’s required (`Blob Read/Write`). Do not expose root access keys where unnecessary.
* **Naming Convention**: Use a clear naming scheme such as `ingestion-<region>` (e.g., `ingestion-us`, `ingestion-asia`).
* **Scalability**: For large-scale deployments, create multiple ingestion endpoints to distribute load across regions.

***

### Adding a Device Provisioning Endpoint

A [**Device Provisioning Service (DPS) Endpoint**](https://learn.microsoft.com/en-us/azure/iot-dps/) in Nexus enables automated provisioning of devices at scale. DPS simplifies device onboarding by securely assigning devices to the correct **IoT Hub Device Management Endpoint(s)** based on provisioning rules and enrollment groups.

> ⚠️ **Important:** The DPS must already be created in Azure before it can be added to Nexus.

#### Steps to Add a Device Provisioning Endpoint

<figure><img src="/files/h3MeZJlat3RhSxFeILeh" alt=""><figcaption><p>Add Device Provisioning Endpoint Window</p></figcaption></figure>

1. **Navigate to Platform Settings → Endpoints**
   * Click **+ Add** and select **Device Provisioning Endpoint**.
2. **Fill in the required details**:
   * **Name**
     * Provide a descriptive name for the provisioning service (e.g., `dps-us`, `dps-europe`).
   * **ID Scope**
     * Enter the **unique ID Scope** of the DPS service from Azure.
     * This ID Scope links the Nexus configuration to the correct DPS instance.
   * **Type**
     * Always set to **Azure IoT Hub Device Provisioning Service (DPS)**.
   * **Location**
     * Enter the Azure datacenter location where the DPS is hosted (e.g., `westus`, `westeurope`).
   * **Connection String**
     * Provide a DPS connection string with the following permissions:
       * **Service Configuration**
       * **Enrollment Read/Write**
     * Example:

       ```plaintext
       HostName=mydps.azure-devices-provisioning.net;SharedAccessKeyName=provisioningserviceowner;SharedAccessKey=xxxxxxxxxx
       ```
3. **Save the Endpoint**
   * Once all fields are filled out, click **Save** to register the DPS endpoint in Nexus.

#### Best Practices

* **Single DPS, Multiple IoT Hubs**
  * Typically, you only need **one DPS per environment**, even if you are using multiple IoT Hubs for device management across regions.
* **Redundancy**
  * For global deployments, you may choose to create additional DPS instances in different regions, but most scenarios can be handled with a single centralized DPS.
* **Security**
  * Use **dedicated access policies** with limited permissions instead of reusing the root DPS key.
* **Naming Convention**
  * Use a clear naming scheme such as `dps-<region>` (e.g., `dps-europe`, `dps-us`).
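
A pre-flight check for the three connection string types described on this page, applying the **Restrict Permissions** and **Security** best practices before a value is pasted into Nexus. This is an added example, not Nexus or Azure code: the function names, the policy name `nexus-mgmt` and the sample strings are constructed for illustration, and the storage check only flags an account key, since the page does not state which alternative formats Nexus accepts.

```python
# Built-in full-permission policies the Best Practices above advise against.
BROAD_POLICIES = {"iothubowner", "provisioningserviceowner"}

def parse(conn):
    """Split 'Key=Value;...' on the first '=' only; key material may contain '='."""
    fields = {}
    for part in filter(None, (p.strip() for p in conn.split(";"))):
        key, sep, value = part.partition("=")
        if not sep or not value:
            raise ValueError(f"malformed segment: {key!r}")
        fields[key] = value
    return fields

def classify(fields):
    """Map a parsed string to the Nexus endpoint type it belongs to."""
    host = fields.get("HostName", "").lower()
    if host.endswith(".azure-devices-provisioning.net"):
        return "dps"
    if host.endswith(".azure-devices.net"):
        return "iothub"
    if "AccountName" in fields or "BlobEndpoint" in fields:
        return "storage"
    raise ValueError("unrecognised connection string")

def audit(conn):
    """Return (endpoint_kind, findings). Secret values are never echoed."""
    fields = parse(conn)
    kind = classify(fields)
    findings = []
    if kind == "storage":
        if "AccountKey" in fields:
            findings.append("account key in use: full access to the storage account")
        if fields.get("DefaultEndpointsProtocol", "https").lower() != "https":
            findings.append("DefaultEndpointsProtocol is not https")
    else:
        policy = fields.get("SharedAccessKeyName")
        if not policy or "SharedAccessKey" not in fields:
            findings.append("SharedAccessKeyName or SharedAccessKey missing")
        elif policy.lower() in BROAD_POLICIES:
            findings.append(f"built-in owner policy '{policy}': create a dedicated policy")
    return kind, findings

# Constructed samples: placeholder keys, hypothetical policy name 'nexus-mgmt'.
SAMPLES = [
    "HostName=my-iothub.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=xxxxxxxx",
    "HostName=my-iothub.azure-devices.net;SharedAccessKeyName=nexus-mgmt;SharedAccessKey=xxxxxxxx",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample))
```

An empty findings list means the string passed these checks only; the policy's actual permissions still have to be confirmed in Azure.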


