Soracom Beam is a proxy service for forwarding data from a device to an endpoint that you specify, such as a server or a cloud service. Proxying with Beam allows you to add encryption such as converting an HTTP request from your device to HTTPS, and to modify the request such as adding custom HTTP headers, so that the device does not need to do so by itself.

With this update, the Soracom Beam HTTP and Website entry points can now generate and add Authorization headers to the HTTP requests forwarded to your endpoint, based on credentials that you store in Soracom. This allows your server or cloud service to authorize the connections coming from Beam.

Available authentication schemes

The Soracom Beam Authorization header option supports the following schemes:

AWS Signature V4

• Supported Credentials: AWS credentials, AWS IAM Role credentials

With this scheme, Beam will generate AWS Signature V4 headers based on your AWS or AWS IAM Role credentials, service, and region of AWS, and append them to the HTTP request.

Basic

• Supported Credentials: Username password credentials

With this scheme, Beam will generate a value based on your username and password credentials, and append it to the HTTP request as an Authorization: Basic ${value} header.

Bearer

• Supported Credentials: API token credentials, Pre-Shared Key

With this scheme, Beam will append the value of your API token or Pre-Shared Key to the HTTP request as an Authorization: Bearer ${token} header.

Bearer JWT Token

• Supported Credentials: Google Service Account (JSON), Private Key (PEM)

With this scheme, Beam will generate a JSON Web Token (JWT) based on your credentials and JWT claims, and append it to the HTTP request as an Authorization: Bearer ${token} header.

For more details, please refer to the Soracom Beam documentation.