Trac-Car IOT Service Configuration

Towards Net Zero

Energy and Carbon Footprint Application

Enter Account ID:

Enter Email:
Enter 6 digit PIN: Enter password:

Your account private data can only be accessed by you. It is protected by encryption.

Your account requires VPN Sign in. Enter Account ID to verify Verviam VPN connection. Turn off VPN requirement
To ensure security of authentication, permitted maximum elapsed time since connection to VPN is 60 minutes.

Configure End Users. Signed JWT tokens protect your request from origin to endpoint via the Trac-Car API Gateway. Configure end users and endpoint REST APIs. Credentials can be forwarded encrypted, unencrypted, or as a signed JWT token, using the account secret key. Endpoint services are authenticated at the Trac-Car API Gateway before being forwarded to destination URIs. See the Configuration Guide.
    - End users can be e.g. user ID, device ID, client ID, signed JWT.
    - Secrets can be e.g. Password, Client Secret, JWS Token with OpenID Scopes
    - Policy based tags provide access protected resources (ABAC).

Download as CSV

Configure New Meter:
Use only letters, numbers, hyphens, or underscores with no spaces for Endpoint Name. This name cannot be changed.
Unique Endpoint Name : Description :
Credentials Forwarding:
JWT Token RS256 signed with account Private Key (verified with the Public Key). e.g. www.example.com/myApp?JWT=mysignedJWT
Complete connection string including endpoint URI and credentials e.g.myexampleAPIGateway.com/myapp?query=myquery&secret=mysecret
SecretID/secretValue and endpoint URI e.g. www.example.com/myApp?userID=encryptedID&password=encryptedPassword

       SecretID Name: SecretID Value:
Secret Value Name:     Secret Value :
         Endpoint URL:
Use the Secrets option for passing credentials in the form of an identifier e.g. UserID and Password, ClientID and Secret Value, TokenID and Token
Forward Endpoint: Trac-Car will forward an unencrypted request as e.g. www.example.com/myApp?userID=myID&password=myPassword. An encrypted request as e.g. www.example.com/myApp?userID=encryptedID&password=encryptedPassword. The encrypted parameters must be decrypted at the endpoint.

Connection URI:
Optional REST Parameters:
Use the Connection URI for the destination endpoint connection string. Add optional parameters to complete connection as appropriate
Trac-Car forwards an unencrypted request to an endpoint as e.g. https://www.example.com/connectionURI?query=myquerystring&userID=myuser&pwd=mypass.
Trac-Car forwards an encrypted request as e.g. https://www.example.com/connectionURI?params=myEncryptedOptionalParameters.
Encrypted parameters must be decrypted at the endpoint server. See Trac-Car User Guide

Scope Item: Scope Item Value:

Token Payload:
Endpoint URL: Token expiry (minutes) :
Add JWS Token Payload (max 10 items). Override token default expiry time of one hour as required. Payload Items can be any custom scopes understood by your application, as well as OAuth 2.0 OpenID Connect required elements. Forward endpoint: Trac-Car will forward a signed JWT request as e.g. https://myServiceEndpointURI?JWT=JWTToken

Credentials Encryption Option:
Forward my secretID/secret, connection parameters and endpoint tags encrypted with my secret Key, protected by my RSA public/private keypair.
Forward unencrypted to my application/system. My network connection is secure, and does not require encrypted message content.

Identity Data Option:
Store encrypted personal identity data for this End User/Endpoint

      User ID :
First Name : Last Name :
           Role : Company :
         Email :             Town :
      Country : PostCode :

Endpoint Tags Option:
Store tags with this End User/Endpoint. Tag names must be unique. Multiple values may be added e.g. as an object, an array, or separated by commas

Add attribute tags: Remove all tags:

Tag Name: Tag Value:

Add Tag
Edit existing tag items below. Update Tags

It is advisable to rotate keys regularly as a strong security measure. This operation cannot be undone!
You must copy all account REST APIs again as the encryption values of your services will be updated.
The new keys may require updated decryption configuration on your system, to decode your endpoint encrypted parameters.
See Trac-Car Configuration Guide for more information on how to use the keys

Keep keys in a safe place. They are only accessible from this page.

Update Rotation Status: Either schedule key rotation or rotate keys now by clicking the update button below. Note: rotating keys means that if you have configured to encrypt your credentials in transit, the decryption key must be updated before decryption at your endpoint URL.

Rotate Account Encryption Keys daily Note: new JWT tokens are issued every 24 hours
Remove Existing Daily Keys Rotation Note: JWT tokens will no longer be updated daily

The RSA PublicPrivate Keypair: modulusLength: 2048,
publicKeyEncoding: {type: 'pkcs8', format: 'pem' },
privateKeyEncoding: {type: 'pkcs8', format: 'pem'}.

Account Secret Key:

Copy Secret Key

Copy Public Key

Copy Private Key

VPN Password: copy

Copy VPN Password

Download your VPN configuration file, and your client certificate and key then edit the configuration file with your device local information.
Configure your VPN Client to use this file. Download and install an OpenVPN Client for your device operating system.

Configuration Guide:
    1. Your VPN username is your AccountID@Trac-Car.directory.com e.g. VP1234567890@Trac-Car.directory.com, Copy your password below.
    2. Save your VPN username and VPN password in a text file with the first line containing the username and the second line the password e.g. login.txt.
                VP1234567890@Trac-Car.directory.com
                YourVPNPassword
    3. Download and install e.g. AWS OpenVPN Client or OpenVPN Community Client for your device operating system
    4. Download and save your Trac-CarVPN.ovpn configuration file. This is the configuration file required by your VPN Client.
    5. Change the Trac-Car VPN config file with the line auth-user-pass "c:\\my-config-directory\\login.txt". Note Windows requires double backslash.
    6. Download and save your VPN client certificate e.g. "c:\\my-config-directory\\client1.domain.tld.crt".
    7. Change the Trac-Car VPN config file with the line --cert. Note Windows requires a double backslash.
    8. Download and save your VPN client key e.g. "c:\\my-config-directory\\client1.domain.tld.key".
    9. Change the Trac-Car VPN config line --key. Note that Windows requires a double backslash.
    10. Configure your downloaded VPN client to use your saved Trac-Car VPN configuration file Trac-CarVPN.ovpn
    11. Connect to the VPN. You must be signed into the VPN before you can sign in to the VPN Portal to access your registered services.