Cellular IoT Questions? Ask Soracom!

Soracom Logo, IoT

Over the last few weeks, we’ve received countless questions from our customers covering a wide range of different topics. We figured what better way to answer these questions than to create an article around them. That way, they can stay on our blog forever in case others have similar issues.

Have a question that hasn’t been answered? Send us an email and we’ll try and cover it as quickly as possible. Otherwise, please refer to the FAQ site which is constantly updated.

Without further ado, here are the questions that we’ll be addressing in today’s article.

Soracom Harvest Icon

Is there a way to download more than 1,000 SORACOM Harvest data files at once from the user console or SORACOM CLI?

SORACOM Harvest data download is currently limited to 1,000 on the user console, and there is no way to download more than that. If you have SORACOM CLI version 0.5.0 or higher, you can set the following –fetch-all options to automatically paginate and download in batch.

soracom subscribers get-data --fetch-all --imsi "SIMのIMSI"

If the API call volume is too large, 429 (Too Many Requests) may be returned as the status code of the HTTP response. In such a case, adjust the call timing by referring to the following API usage guide or consult your support desk.

SORACOM CLI is improving every day so please be sure to use the latest version and stay tuned for new updates.

Soracom Beam Logo

We’re using SORACOM Beam to POST via HTTP to the server where our photos are stored. Is there a way to limit this to only POST transmissions from Soracom?

Great question! You can use the following three methods to limit your network to only receive POST transmissions from Soracom.

Method 1

You can restrict by source IP using a Virtual Private Gateway (VPG) in the group using SORACOM Beam and leveraging the VPG fixed global IP address option. Note that using the VPG and fixed global IP address option will result in a charge to your account.

Method 2

You can also only allow access from SORACOM by verifying the signature header instead of per-IP control. This requires preparing an authentication mechanism on the web server side, but it can be used at no additional cost on SORACOM side. 

In this method, a SHA256-digested value is generated based on the pre-shared key and the IMSI, IMEI, and timestamp contained in the communication header, and attached to the header. This is secured by verifying the assigned header on the Web server side. 

Method 3

Another method is assigning a fixed global IP address to your SORACOM Air IoT SIM card. Although the web server can authenticate the IP address, you will likely need to raise a support ticket on Soracom’s user console so you can verify the Air SIM’s IP address.

Soracom Napter logo

Is there a way to restrict a range of IP addresses and access ports issued by SORACOM Napter?

At this time, the IP address and port number issued by SORACOM Napter cannot be restricted by the customer. However, since the connection source is a resource in the VPC, for example, the following methods can be considered.

  1. createPortMappingCall SORACOM API that generates Napter’s IP address and port number from AWS Lambda etc.
  2. Since the body of the response contains the IP address and port number, set the permission settings for the VPC security group based on them.
  3. If necessary, notify the user of the IP address and port number, and schedule the deletion of security group settings based on the response body createdTime,duration

Although it requires some work, this will result in a more secure network from both the device and private cloud. 

That’s all for this week’s Ask Soracom! Stay tuned for more questions, and feel free to submit your own!