Configure CuPS to send LNS Key using REST Api

I am trying to update a Gateway using the REST Api to Configure CUPS to send the LNS API Key. The steps to do this manually are documented here:
For quick reference, this is the area on the Console I am trying to set via the Api.

The update Gateway Put endpoint is described here:
For quick reference here is the schema for the property in question:

"lbs_lns_secret": {
        "description": "Secret contains a secret value. It also contains the ID of the Encryption key used to encrypt it.",
        "properties": {
          "key_id": {
            "description": "ID of the Key used to encrypt the secret.",
            "type": "string"
          "value": {
            "format": "byte",
            "type": "string"
        "type": "object"

The Key format is described here:
The Key format is describe here: Authentication | The Things Stack for LoRaWAN


When send my update by JSON body is:
`So when I send my update by Json Body is:

  "field_mask": "lbs_lns_secret",
  "gateway": {
    "lbs_lns_secret": {

The response I get back is:

  "ids": {
    "gateway_id": "eui-test-xxxxyyyyzzzz123",
    "eui": " eui-test-xxxxyyyyzzzz123"
  "created_at": "2024-06-27T19:01:16.388457Z",
  "updated_at": "2024-06-27T21:51:09.644234Z",
  "lbs_lns_secret": {
    "key_id": "is/gateway-secrets-encryption-key",

So it looks like everyone works until I check the console.

I’m not sure what I’m doing wrong. Has anyone else done this?
The schema indicates it’s a byte string, I’m not sure if I’m not formatting it right? I tried stuff like base64 decoding and converting to a byte-string, but that didn’t help. I’m hoping someone can save me from this game of guess and check! :slightly_smiling_face:

Please revoke this key immediately - and don’t post keys again.

It’s not clear what you are trying to do with submitting a key - I’m not a gateway person but the impression I got is that you tell it manually the once or the firmware sorts out the interchange - as you’ve created a key on the console, why not just copy & paste it in to the erm, console?

Hi Nick, I appreciate your attempt at being helpful on the forum.

To address your demand to revoke a key: This is the example key that is used in the TTI documents. There is nothing to revoke. Sometimes it is useful to post an example rather than something abstract.

Regarding your not understanding the use case: In enterprise deployments of hundreds or thousands of Gateway’s it is not practical to copy and paste keys on the console. That is why companies like TTI provide a REST Api. It allows quick and accurate provisioning of larger systems.

In any case I have sighed up for a TTI support contract as it is easy to see it is not possible to get the kind of help on need on the forum.

I’d strongly suggest you rethink your approach to winning friends & influencing people, because you never know who you may need to call upon one day or have need of their services & offerings.

And I’d know this how? Do you really think I’ve time to internalise such details from all the documentation I reference in the course of my work?

You never stated it, you just told us you had a problem with the API. If you’d said you wanted to process in bulk, then we’d have taken a different approach.

Your telling a TTI API subject matter expert this because …

Not content with patronising me, you’ve expanded to the rest of the volunteers on the forum.

Your posts thus far have been bombastic and blundering there way through without really reading any of the documentation before hand and then making pronouncements to tell us your revelations which many of us already knew or knew how to find or were available on forum search.

A support contract is typically for discrete questions and inevitably there is a limit on how much time a support contract can provide. I trust that @rish will furnish you with the consultancy rates for TTI because I see no reason why they should help you navigate learning how it all works and how to read the docs for such a modest fee.

If you chose to return to the forum, please spend a considerable amount of time reading the more complex threads to see how we approach things here and what sort of expertise is available before engaging with us. But mostly, phrase your queries with detail & context so you get the response you need sooner and don’t feel the need to be so damn rude.


You would need a commercial instance anyway as the sandbox is nog meant for enterprise usage nor suitable for it.

If you ask questions with a decent amount of readable detail and allow time for volunteers to answer you might get the answers you are after. However given the tone of your last message I am glad I don’t need to spend my spare time reading and answering them anymore.