Based on your questions, it seems you want to connect your devices with a shared access signature (SAS) token. The SDKs will abstract this process a bit, but here's what's happening underwater:
The SAS creation process takes the following parameters:
Parameter | Note | Example |
---|---|---|
Resource URI | Combination of the IoT Hub FQDN and the Device ID | myiothub.azure-devices.net/devices/mydevice |
Signature (primary or secondary) | These are the keys associated with the device. These are not guaranteed unique across devices. | wc5FLbNggLJBY/sdGR/mC+XLPQZmjAOiX1TTDXhZl84= |
Expiry time | This indicates the expiration date of the generated SAS token | 1703492085 |
policyName | Left empty for device SAS tokens | |
All of these are required, but the SDK will usually take care of the expiration time. The policyName is only used for IoT Hub level SAS tokens, which are not relevant for devices. So in short, no, you can't go with just the primary key. You'll need to provide the device ID as well.
⚠️ Important note: Both symmetric shared access keys (primary and secondary) aren't guaranteed to be unique across devices. They are not replacements for a unique identifier. The device ID is the only unique identifier for a device in IoT Hub.
Alternatives:
If for some reason you're blocked from using the device ID, you could look into Azure Device Provisioning Service; however, in the case of Symmetric Key attestation, you'll still need to provide a registration ID, which will return the device ID as a result. If you're using X.509 certificates, you can use the certificate thumbprint instead of the device ID.
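The token construction described in the answer above, as an added example that is not part of the original answer or of any Azure SDK. It builds a device SAS token from the table's example values and shows that the signature is bound to the resource URI, and therefore to the device ID; `verify_sas_token` is a hypothetical receiver-side check written for illustration, not IoT Hub's implementation.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote_plus, urlencode

PREFIX = "SharedAccessSignature "


def _sign(resource_uri, key_b64, expiry):
    # String-to-sign: URL-encoded resource URI, newline, expiry (Unix seconds).
    to_sign = f"{quote_plus(resource_uri)}\n{int(expiry)}".encode("utf-8")
    key = base64.b64decode(key_b64)  # device keys are handed out base64-encoded
    return base64.b64encode(hmac.new(key, to_sign, hashlib.sha256).digest()).decode()


def generate_sas_token(resource_uri, key_b64, expiry, policy_name=None):
    fields = {"sr": resource_uri,
              "sig": _sign(resource_uri, key_b64, expiry),
              "se": str(int(expiry))}
    if policy_name is not None:  # hub-level tokens only; left out for devices
        fields["skn"] = policy_name
    return PREFIX + urlencode(fields)


def verify_sas_token(token, expected_uri, key_b64, now):
    """Hypothetical receiver-side check (assumption, for illustration only)."""
    if not token.startswith(PREFIX):
        return False
    parsed = parse_qs(token[len(PREFIX):])
    try:
        sr, sig, se = parsed["sr"][0], parsed["sig"][0], int(parsed["se"][0])
    except (KeyError, ValueError):
        return False
    # The token must name the device it is presented for and must not be expired.
    if sr != expected_uri or se <= now:
        return False
    # Recompute the HMAC over the claimed URI and expiry; compare in constant time.
    return hmac.compare_digest(sig.encode(), _sign(sr, key_b64, se).encode())


# Example values taken from the table above.
URI = "myiothub.azure-devices.net/devices/mydevice"
KEY = "wc5FLbNggLJBY/sdGR/mC+XLPQZmjAOiX1TTDXhZl84="
EXPIRY = 1703492085

if __name__ == "__main__":
    print(generate_sas_token(URI, KEY, EXPIRY))
```

Because the device ID is part of the signed string, two devices that happen to share a key still produce different tokens, and a token issued for one device fails the check for another.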