This offer is only addressed to commercial customers including freelancers and entrepreneurs. All prices are exclusive of value added tax (VAT).
  • Share via email
  • Subscribe to blog alert

Bosch IoT Insights: access control extension, new price model and other enhancements

We would like to inform you about the continuation of the access controller extension as well as about the preparations for the new Bosch IoT Insights price model. In addition, Bosch IoT Insights now offers a new widget for device details as well as other enhancements and fixed issues.

Continuation of access control extension

For the custom roles concept, we introduced now the possibility to add “access-only” users who can have “read-only” access to views, templates, and devices when they are assigned to a custom role (INS-1779).


Example view of an “access-only” user:


Preparation for the new pay-as-you-go plan

The implementation for the new price model has started. Among all the changes, these are the most interesting:

  • New pay-as-you-go plan without basic fees
  • All paid plans get more attractive storage prices
  • All paid plans get access to decoders
  • Introduction of data access ticketing: improves resource management and enables customers to increase performance

More information will follow as soon as the implementation is completed.

New device details widget (INS-2190)

We now provide a new widget “Device Details” that can specifically  visualize the content of a device in the dashboard in the same way as in the devices section.


For more information on configuring the “Device Details” widget, please see our documentation.

Disk limit configuration for pipeline processors (INS-1541)

In addition to configuring the memory (RAM), it is now also possible to adjust the disk limit for pipeline processors. You can adjust it via Processing → Pipelines → App Settings → Processes and Instances.


Disable placeholder encoding in URLs (INS-2319)

Currently all placeholders in URLs are encoded, e.g. in the table widget. This sometimes leads to unwanted modifications in complex URLs. To prevent this, placeholders in URL fields, such as those used in table widget links and tooltip links, can now have a noencode modifier that disables encoding.

Example:{[0].text | noencode}


Action button secures credentials – REST requests API (INS-1431)

To bring the “Action Button” from beta into general availability, one step was still missing: hardening the security concept. We achieved this by relocating the execution of the underlying rest request from the frontend to our backend, as well as moving the storage and replacement of the “Secret Header” to the backend. This brings some changes for those who manage such a button:

  • The secret header was introduced
  • Each time a change is made, such a secret header must be re-entered to prevent disclosure of credentials
  • The “Authorization” tab has been removed
  • Similar behavior can be achieved by entering a secret header with the key “Authorization” and the value “Basic user:password”, but the user:password part has to be Base64 encoded
  • Parameters in placeholders no longer need the unnecessary “_value”. Example: instead of filterParams._value.paramName now only filterParams.paramName has to be entered

example action button config

Insights REST API supports OAuth2 Clients

Additionally to access via technical users, Bosch IoT Insights’ API can now also be used with OAuth2 access tokens.

This allows Bosch IoT Insights projects to increase security: OAuth2 access tokens are digitally signed and time-limited.

To use OAuth2 in Bosch IoT Insights, customers can create OAuth2 clients as they would in any other Bosch IoT Suite service:

  1. Open
  2. Use button
  3. Scroll to the last section “
  4. Choose a subscription and enter the role name you want the new client to have
  5. The client can have multiple roles, so add more until you’re done
  6. Finish with the “Create” button

⚠ Security Advice

Review who has access to your subscription management, which are listed on
All listed accounts of roles Owner, Manager, Developer can create OAuth2 clients and can assign Insights’ project admin role.

Further Improvements

INS-2299            Grant CORS access for Service Dashboard for project filtering

INS-1434             Migrate IoT Things booking to Suite Account Management API

INS-1261             Provide most recent data to the customers

INS-2094             Bosch Web Security Finding: Inclusion of Functionality from Untrusted Control Sphere


In addition the following fixes were applied to the service:

INS-2368             Conditional Actions: SMS should contain the message

INS-2294             Conditional Actions: Not user friendly JSON Error when trying to store without selection of a condition type

INS-2371             Thing API security problem: wrongfully created thing objects can be requested by all logged in users

INS-2441             Download ALL in Input History should be possible for all filtered documents

INS-2320             Device type labels and images should not disappear in sorting mode

INS-2357             Remove event button in bookings information block should delete the booking and not open the bookings dialog

INS-2378             Access Denied, even though I am logged in and have access

INS-2406             Several Bugs in the Views and Dashboard Config

INS-2508             power_user should be able to create new query templates

INS-2523             Query History – Depending on the order of clicking expanding / collapse is not working

INS-2525             QueryTemplates should be listed in DataSources again

INS-2526             IoT Things policy creation fails due to invalid token

INS-2530             Table Widget: Custom Column URL should work on RightMouseButton on “Open in new window”

INS-2533             Action Button should show the original http failure code instead of 500

INS-2562             Link in Table Widget should use Query Parameters

INS-2579             Location Map: Also zero values should be shown in tooltips

INS-2596             Colored tour map should correctly interpolate color when setting a max-value

INS-2609             Booking a service plan fails