Platform Architecture

Doover is a remote-control-and-telemetry-as-a-service platform that connects IoT devices to a web application. It enables organisations to manage fleets of edge devices, deploy applications, and visualise real-time data from anywhere.

Doovits are Doover's flagship edge computing hardware. They are industrial-grade units designed for deployment in harsh, remote environments. Each Doovit includes:

• Digital and analog I/O for interfacing with sensors, relays, and actuators
• Cellular connectivity (4G/LTE) for always-on cloud communication without local network infrastructure
• GPS for location tracking and geofencing
• Compute module (CM4-based) running a Linux OS with Docker for hosting containerised applications

Doovits run a local device agent service that manages communication with the cloud, handles application deployment, and exposes hardware interfaces to user applications.

The Doover platform is organised into three layers that work together to deliver end-to-end IoT capability.

The device layer runs on Doovits (or any Docker-capable edge device). Applications are deployed as Docker containers and interact with hardware through pydoover's interface classes:

• DeviceAgentInterface handles communication with the Doover cloud, including channels, messages, and events.
• PlatformInterface provides access to digital/analog I/O and pulse counters on the physical hardware.
• ModbusInterface enables communication with Modbus RTU/TCP devices over serial or network connections.

Applications run continuously in a main loop, reading sensor data, executing control logic, and publishing state to the cloud.

The cloud layer hosts the platform's backend services:

• Processors are event-driven cloud functions that react to data changes, run on schedules, or respond to deployments. They execute in a serverless environment (AWS Lambda) and have full access to the cloud API.
• Data plane (data.doover.com) stores and serves channels, messages, and aggregates. It handles real-time data ingestion and retrieval.
• Control plane (api.doover.com) manages resources such as agents, applications, organisations, and deployments.
• Authentication (auth.doover.com) provides OAuth 2.0 token management with refresh token support.

The web layer provides browser-based interfaces for managing devices and viewing data:

• Admin portal (doover-admin) for platform administration, user management, and system configuration.
• Customer site (customer-site) for end-user device monitoring, control, and data visualisation.
• Channel viewer for inspecting channel data, message history, and aggregate state during development.

The web applications consume the same Data and Control APIs that are available to developers through pydoover.

Doover exposes two distinct API surfaces, each serving a different purpose.

The Data API handles all real-time data operations. Use it to:

• Create and manage channels (named data streams on an agent)
• Publish and retrieve messages (individual data records with JSON payloads)
• Read and update aggregates (the latest consolidated state of a channel)
• Subscribe to events (real-time notifications of data changes via WebSocket)

In pydoover, the DataClient and AsyncDataClient classes provide access to the Data API. See Cloud API Client for details.

The Control API manages platform resources and configuration. Use it to:

• Register and manage agents (devices and processors)
• Deploy and update applications
• Configure organisations and user access
• Manage notification endpoints and subscriptions

In pydoover, the ControlClient class provides access to the Control API. See Agent Management for details.

All API access is authenticated through Doover's OAuth 2.0 service at auth.doover.com. The authentication flow works as follows:

1. A client authenticates with username/password or an existing token.
2. The auth service returns an access token and a refresh token.
3. The access token is included in API requests as a Bearer token.
4. When the access token expires, pydoover automatically uses the refresh token to obtain a new one.

from pydoover.cloud.api import Client

# Authenticate with credentials — tokens are managed automatically
client = Client(username="user@example.com", password="secret")

The code above creates a client that authenticates on first use. pydoover handles token refresh transparently, so you do not need to manage token lifecycle manually.

For full authentication documentation, see Authentication.

Doover is a multi-tenant platform. Every resource (agent, channel, application) belongs to an organisation. Organisations provide:

• Isolation between different customers and deployments
• Access control so users only see devices and data within their organisation
• Billing boundaries for usage tracking

Users can belong to multiple organisations and switch between them. API operations are scoped to the authenticated user's organisation context.

An agent is the fundamental deployable unit in Doover. Agents represent either:

• A device (a physical Doovit or other edge hardware) that runs Docker applications and reports telemetry
• A processor (a cloud function) that runs in response to events or schedules

Every agent has a unique agent_id and can own channels for publishing and receiving data. Agents are registered within an organisation and can have applications deployed to them.

For a deeper look at agents, channels, messages, and the other building blocks, see Core Concepts.