Analytics Security Facade service (ASF) is the Kaa platform component that allows you to create ingest pipelines, test created ingest pipelines, create index templates. Also, ASF allows you to query data on analytics engine. In order to use service REST API authorization is required. For that ASF integrates with Keycloak. Keycloak manages permissions to ASF’s resources and based on policies decides whether the resource access is allowed or denied.


ASF supports a number of interfaces to perform its functional role. The key supported interfaces are summarized in the following diagram.

ASF interfaces diagram

For inter-service communication, Kaa services mainly use REST APIs and messaging protocols that run over NATS messaging system.

Ingest Pipeline API

(ASF) provides an API to create and modify ingest pipelines. Once the pipeline is created, it will be applied on the corresponding application index in Elacticsearch. Furthermore, you can use simulation endpoints to test pipeline before applying it. When a device starts sending data into the Kaa platform, the processor will be automatically applied on the incoming data. Pipeline can parse data, apply basic mathematical operations, enrich it with new data, change field values, remove fields, etc. More about pipeline-processor can be found here.

ASF provides REST APIs that can be used to manage ingest pipeline.

Index Template API

(ASF) supports index template. Index template is a way to tell Elacticsearch what configuration index should have when it is created. Having said that, you can define your own template and apply it to the application index. The mapping defines a schema for the data that is coming from devices.

ASF provides REST APIs to manage index template.

Mapping API

Mapping is the process of defining how a document, and the fields it contains, are stored and indexed.

ASF provides REST APIs that can be used to retrieve mappings for the application index.

Search API

(ASF) allows you to execute a search queries and get back search hits that match the query. Another key thing to remember is that you can run aggregations as part of a search query.

More information about search is here.

ASF provides REST APIs to run search queries.

Kaa Tenant Manager integration

ASF supports multi-tenancy with each tenant using a separate OAuth 2.0 issuer for authentication, authorization, and resource management. The list of the existing tenants is managed by Tenant Manager, which provides REST API for retrieving tenant security configs.

Management interface

ASF exposes an HTTP-based management interface with the following endpoints:

  • GET /health returns 200 OK if the service is up and running properly, and 503 Service Unavailable Error otherwise. In case of errors, the response payload contains their human-redable descriptions. This endpoint can be used by Kubernetes for liveness and readiness probing.