Skip to content

Using the nRF Cloud CoAP API

This end-to-end guide demonstrates how to perform the following operations:

  • Build a sample with CoAP support.
  • Prepare the device to connect to nRF Cloud over CoAP.
  • Onboard the device.
  • Confirm that the device is connected and sending data to nRF Cloud over CoAP. This guide uses a sample that also supports Location Services.



The command examples in this guide are valid for Windows. Your command-line interface may vary if you use another operating system.


Building the nRF Cloud multi-service sample

Build the multi-service sample using nRF Connect for VS Code. This sample allows you to use AT commands when you inject credentials to the device in a later step, as well as demonstrate connectivity to nRF Cloud over CoAP.

For the steps in this section, refer to How to build an application and include the following changes:

  1. Create a new application for the multi-service sample and nRF9160 DK target using nRF Connect for VS Code:

    1. Under Kconfig fragments, select the overlay_coap.conf overlay.


      See more on configuration options for the multi-service sample.

      The nRF Cloud library allows you to configure supported samples to use either a UUID or IMEI. The default is IMEI with an nrf- prefix. See Configuration options for device ID for more information.

  2. Build and flash the sample.

Installing device credentials and onboarding

This step depends on whether you are using the device for the first time or have already onboarded it.

For nRF91x1 devices, see the auto-onboarding option. For devices that are not compatible with the nRF Cloud Security Service, proceed with the steps that follow.

Before you can onboard the device and connect to nRF Cloud, you need to inject credentials to the device, including the CoAP CA certificate. If you have onboarded the device already and added it to your account, you still need to inject the CoAP CA certificate.

If you have never connected your device to nRF Cloud before, you must create a self-signed CA certificate, as well as inject the AWS and CoAP CA certificates. Complete the following steps:

  1. Navigate to the folder on your computer containing the extracted Utils repository.
  2. Navigate to the python/modem-firmware-1.3+ subfolder.
  3. Open a command prompt (or other command-line interface according to your operating system).
  4. If your device is not already switched on and connected over USB, do this now.
  5. Create a self-signed CA certificate using the create_ca_cert script:

    python -c US -st OR -l Portland -o "Nordic" -ou "Test" -cn -e -p ca_9160 -f nordic_ca
  6. Run the script with the --coap argument. Including this argument passes the necessary AWS CA and CoAP CA certificates to the device so you do not need to update them manually. Check the Utils for more information on the required and optional arguments. Your actual values will vary from the following example:

    python --coap --id_str nrf- --id_imei -d --ca ca_9160\nordic_ca333cff6f4a5bdbd0a9434bc7de170e653d7fc87ced_ca.pem --ca_key ca_9160\nordic_ca5f8b96884c3a511f874935ec4b03782eb2dea32cda_prv.pem --csv 9160_prod_provision.csv

    This generates a CSV file for onboarding.

  7. Upload the CSV file using either the nRF Cloud portal or the script:

    To onboard the device, complete the following steps:

    1. Log in to the nRF Cloud portal.
    2. Select Device Management in the left navigation bar.
    3. Select Provision Devices.
    4. Upload the CSV you generated using the credential installer script.

      The page refreshes and provides a bulk operation ID, along with a downloadable file.

    5. Download and view the response to confirm that your device is now onboarded.

    See the nRF Cloud Utils repository file for more information on the script.

    Your API key is team-specific and a required argument for the script.

    Navigate to the utils subfolder containing the script and enter the following command, replacing the API key and CSV filename with your own:

    python ./ --apikey $API_KEY --csv 9160_prod_provision.csv

    The service returns a bulk operation ID, which the script uses to fetch the operation results.

You can now confirm that the device is connected and sending information to nRF Cloud using either nRF Serial Terminal, or by checking the device's page in the nRF Cloud portal. If the device is not sending messages to nRF Cloud, press the RESET (SW5) button to reboot the device.

If your device is already onboarded and registered to your account, you do not need to generate and install new device credentials. However, to use CoAP, you must update the root CA certificate on the device to include both the AWS and CoAP root CA certificates. You can update this using the Cellular Monitor app, part of nRF Connect for Desktop. Complete the following steps:

  1. Connect your device over USB to the computer running nRF Connect for Desktop.
  2. Turn the device on.
  3. Open the Serial Terminal app.
  4. Choose your device to connect.
  5. Confirm that your device is connected.

    If the device does not respond, press the RESET (SW5) button to reboot the device.

  6. In the terminal, enter AT+CFUN=4 to disable the modem.

  7. Check the output to confirm that the modem is disabled.
  8. Open Cellular Monitor.
  9. Choose your device.
  10. Select the Certificate Manager tab.
  11. Copy and paste the following AWS CA and CoAP CA certificates into the CA Certificate field with the default security tag 16842753. Note that the certificates are in the same field, one after the other, with the AWS CA certificate first:

    -----END CERTIFICATE-----
    -----END CERTIFICATE-----
  12. Click Update certificate.

  13. Verify that the device certificate is updated in the Terminal tab.
  14. Press the RESET (SW5) button to reboot the device. This also re-enables the modem.

    The device attempts to connect over CoAP, using its updated certificates.

  15. Confirm in Serial Terminal that the device connects successfully to nRF Cloud.

You can now confirm that the device is connected and sending information to nRF Cloud from the device's page in the nRF Cloud portal. If the device is not sending messages to nRF Cloud, press the RESET (SW5) button to reboot the device.


The connection may return a failure on the first try. If this happens, allow the device to attempt connecting again before you begin troubleshooting.