Edit on GitHub
Report issue
Page history

Introduction to IoT Core

Author(s): @jscud ,   Published: 2019-07-31

Introduction to IoT Core

Take the interactive version of this tutorial, which runs in the Cloud Console:

Open in Cloud Console


IoT Core is a fully managed service for connecting and managing IoT devices. This tutorial uses the gcloud command-line tool to create an IoT Core device registry, add a device, and run an MQTT sample to connect a device and publish device telemetry events.

Project setup

Google Cloud organizes resources into projects. This allows you to collect all of the related resources for a single application in one place.

Begin by creating a new project or selecting an existing project for this tutorial.

For details, see Creating a project.

Using Cloud Shell

In this tutorial, you do all of your work in Cloud Shell, which is a built-in command-line tool for the Cloud Console.

Open Cloud Shell by clicking the Activate Cloud Shell button in the navigation bar in the upper-right corner of the console.

Enable the IoT Core API

To use the IoT Core API, you must first enable it.

Use the following to enable the API:


Create your first Pub/Sub topic

A Pub/Sub topic is a named resource to which devices send messages. Create your first topic with the following command:

gcloud pubsub topics create my-topic

You will send several messages to this topic later.

Create a subscription to the device's topic

Run the following command to create a subscription, which allows you to view the messages published by your device:

gcloud pubsub subscriptions create \
    projects//subscriptions/my-subscription \

Clone the IoT Core Node.js sample files from GitHub

You use the MQTT sample to send messages to IoT Core.

Clone the sample program with the following command:

git clone https://github.com/googleapis/nodejs-iot.git

Grant permission to the IoT Core service account

In this section, you use a helper script to add the cloud-iot@system.gserviceaccount.com service account to the Pub/Sub topic with the Publisher role.

cd nodejs-iot/samples

Install the dependencies:

npm install

Run the helper script:

node scripts/iam.js my-topic

The script grants permission to the IoT Core service account on the my-topic topic.

Create a device registry

A device registry contains devices and defines properties shared by all of the contained devices. Create your device registry with the following command:

gcloud iot registries create my-registry \
    --project= \
    --region=us-central1 \

Generate your signing keys

To authenticate to IoT Core, a device needs a private key and a public key. Generate your signing keys by running the following command:


This script creates RS256 and ES256 keys in PEM format, but you'll only need the RS256 keys for this tutorial. The private key must be securely stored on the device and is used to sign the authentication (JWT (JSON Web Token)). The public key is stored in the device registry.

Create a device and add it to the registry

Run the following command to create a device and add it to the registry:

gcloud iot devices create my-node-device \
    --project= \
    --region=us-central1 \
    --registry=my-registry \
    --public-key path=rsa_cert.pem,type=rs256

Download root credentials

Download Google's CA root certificate and note the location where you downloaded it. You'll need the file path when you run the Node.js command in the next step.

Connect your device and publish messages

In this section, you send messages from a virtual device to Pub/Sub.

cd mqtt_example

Install the Node.js dependencies

npm install

Connect a virtual device to Cloud IoT Core using the MQTT bridge

node cloudiot_mqtt_example_nodejs.js \
    mqttDeviceDemo \
    --cloudRegion=us-central1 \
    --projectId= \
    --registryId=my-registry \
    --deviceId=my-node-device \
    --privateKeyFile=../rsa_private.pem \
    --serverCertFile=../roots.pem \
    --numMessages=25 \
    --algorithm=RS256 \

The output shows that the virtual device is publishing messages to the telemetry topic. 25 messages are published.

Pull published messages

Pull the messages published by the device with the following command:

gcloud pubsub subscriptions pull --auto-ack \

Running this command returns the messages published by the device. The messages have the following data, my-registry/my-node-device-payload-[INTEGER], a MESSAGE_ID, and an ATTRIBUTES list of information about the device. The MESSAGE_ID is a unique ID assigned by the server.

Note: Pub/Sub doesn't guarantee the order of the messages. It is also possible that you'll see only one message in Cloud Shell. In that case, run the same command multiple times to see the other messages.

View resources in the Cloud Console

This concludes the gcloud command-line tutorial, but you can also use the Cloud Console to view the resources you just created.

Open the Navigation menu in the upper-left corner of the console, and then select IoT Core.

You can also use this graphical user interface to create and manage device registries and devices.


Congratulations! You just walked through the basic concepts of Cloud IoT Core using the gcloud command-line tool, and you used the Cloud Console to view IoT Core resources. The next step is to create awesome applications! For more information, see the IoT Core documentation.

Here's what you can do next

View more IoT Core samples on GitHub in any of several programming languages:

Submit a tutorial

Share step-by-step guides

Submit a tutorial

Request a tutorial

Ask for community help

Submit a request

View tutorials

Search Google Cloud tutorials

View tutorials

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.