MindSphere FAQs


      How can I download the MindSphere certificates?

        1. Use chrome to go your MindSphere tenant.
        2. Press Key "F12"
        3. Click on the tab "Security".
        4. Click on "View certificate".
        5. Click on tab "Certification path".
        5a. Click on "QouVadis Root CA 2 G3" and "View certificate".
        5b. Click on tab "Details" and "copy to file".
        6. Repeat 5a and 5b for the "QouVadis Enterprise Trust CA 2 G3" and "Siemens Issuing CA Internet Server 2017" certificate.


      MindConnect Nano / IOT 2040

        How to get (extended) Logfiles from your MindConnect device

          You can run diagnostic and maintenance USB commands on your MindConnect Elements. Those files are mandatory for error analysis via the Mindsphere Support.

          All necessary steps can be found in the „Getting Connected to MindSphere“ documentation in the chapter "Mounting and installing MindConnect Elements" -> "USB commands":

          • USB stick (fat32 formatted)
          • ConBox_Commands.json file with a special content

        Factory Reset of MindConnect Device

          A factory reset is only necessary for MindConnect Elements that were already connected to MindSphere V2 (SAP). 

          Instead it is recommended if the MindConnect should be switched from on Tenant to an other Tenant.

          You will find the necessary steps in the „Getting Connected to MindSphere“ documentation in the chapter "Manual firmware update of MindConnect Element":

          • USB stick (fat32 formatted)
          • ConBox_Commands.json file with a special content and
          • the newest firmware version of your MindConnect Device

        How to get the latest Firmware for your MindConnect device

          The latest firmware of the MindSphere MindConnect Elements can be found in the SIOS (Siemens Industry Online Support) web-portal:


          • MC IoT2040: https://support.industry.siemens.com/cs/document/109745562

          • MC Nano: https://support.industry.siemens.com/cs/document/109745561


          An installation guide can be found in the "Getting Connected to MindSphere documentation" (https://documentation.mindsphere.io/resources/html/getting-connected/en-US/index.html) in the chapter "Firmware update":


          In general, there are two different ways to perform a firmware update:


          • Manual firmware update of MindConnect Element

          • Automatic Firmware update in Asset Manager

        What data types and ranges are available?

        How can you onboard a MindConnect Element


          The following steps describe how you can onboard a MindConnect Nano and how to configure the Data Mapping in the Asset Manager. By doing so, we basically connect the Datasource (Plant) with the Aspects (MindSphere). For this example we use the S7 protocoll and read out an Integer variable from a SIMATIC S7-1500.

          • Create new Asset and configure MindConnect Agent (Menu “Asset” on the left)
          • Create new asset based on “core.mcnano” and give a name (e.g. Asset_NanoAgent)
          • Insert unique box ID and configure Web- and Plant-Interfaces (as shown in the image)
          • Optional: update Firmware if necessary
          • Download config file and onboard Nano Box

        Which Error-Codes/Quality-Codes can occure?

      MindConnect Library

        What data types and ranges are available?

        How you can refresh the MCLib Key/Token?

          There are two functions an agent must call at some specific periods to be able to send data for long periods.

          • mcl_communication_get_access_token – 30 minutes
          • mcl_communication_rotate_key – 7 days


          If the agent does not call these functions it will fail to send data after some time.

          And here is an example code for Key Rotation:

            // If everything is successful so far, exchange the store which contains timeseries.

            if (MCL_OK == code)


            printf("Uploading timeseries: ");

            code = mcl_communication_exchange(communication, store, NULL);

            // If exchange returns unauthorized, then get new access token.

            if (MCL_UNAUTHORIZED == code)


            printf("Getting new access token: ");

            code = mcl_communication_get_access_token(communication);

            // If getting new access token is successful, then try exchange again.

            if (MCL_OK == code)

            { printf("Retrying exchange: "); code = mcl_communication_exchange(communication, store, NULL); }

            else if (MCL_BAD_REQUEST == code)


            // If get access token call returns bad request error then rotate key and try exchanging again.

            printf("Calling rotate key: ");

            code = mcl_communication_rotate_key(communication);

            // If key rotation is successful, then retry exchange.

            if (MCL_OK == code)

            { printf("Retrying exchange: "); code = mcl_communication_exchange(communication, store, NULL); }




        What Error Codes does the MCLib have?

    Mindsphere Standard Applications

      Asset Manager

      Developer Cockpit

        Why you don't see the delete Button from your App in Developer Cockpit?

          An app can only be deleted if it is de-registered and its state is “In Development”.


          If the state of your application is in “Preparation in Progress”, the delete button is hidden. This state indicates that an upload has already been initiated, e.g. the manifest file has already been uploaded.


          To delete the app, the upload must be discarded:

          1. Open your application in Developer Cockpit
          2. Click on “Manage Uploads” button (top right corner)
          3. Discard the upload and confirm


          Result: State changes to “In Development” and delete button is available.

        The Upload of your App failed. How can you start a new handover?

        Why does the upload of your app take so long?

          By uploading your application via Developer Cockpit, you confirm having evaluated and tested the application with respect to its technology, functionality, performance, security, and user interface. You agree that your application complies with the documentation and any other requirements set out in the MindSphere Master Agreement (MMA) or the respective order form.

          Please also check the documentation "Get your Application Ready for Productive Use":

          After uploading the application the preparations and verifications of the productive release will be started. Usually this takes only a few days and should not exceed 5 days. Developers should consider this period in their planning. This process cannot be accelerated. Therefore, please do not send any requests to the MindSphere Support. An email notification is sent to the primary and secondary e-mail address as soon as the application is available for productive use.

        Component in manifest file does not match the components added while creating application

          This error occurs most likely, due to a misalignment in the configuration in the Developer Cockpit. It is important, that the component names registered in the Developer Cockpit match the respective names in the manifest file (see screenshot below for a false configuration).


          This is already documented here: https://developer.mindsphere.io/howto/howto-cf-single-manifest.html#preparation-checklist


          There are 2 possibilities how to solve it:


          - deregister application from Developer Cockpit 
          - change component names in Developer Cockpit, so that they match the names in Manifest file


          - Change the names in the Manifest files, so that they match the component names in Developer Cockpit


      Fleet Manager

      Operator Cockpit

        How can you check if your App in Operator Tenant has Token Manager Service activated?

          This information will be found in the metadata.json file. The metadata.json is included in the application package, which can be downloaded from your Operator Cockpit.

          In the metadata.json, check for the entry "serviceCredentialTypes". This states either none for no credentials or the type of credentials issued.

          The picture below shows where you can download the Application files, which include the metadata.json file.

        How can you obtain ClientID and ClientSecret for your App on the Operator Tenant?

          Once your application is registered on Operator Cockpit, the two following variables are added to the env variables for all components of your App:


          MDSP_KEY_STORE_CLIENT_ID: "clientID"

          MDSP_KEY_STORE_CLIENT_SECRET: "ClientSecret"


          When testing your code on the Developer Plan Tenant, we recommend adding those two env variables using the credentials for your Dev Tenant. This way, you will create the same behavior as the one you will find on the productive system.


          See Documentation for Operator Cockpit: https://documentation.mindsphere.io/resources/html/operator-cockpit/en-US/120367607947.html.



      Usage Transperacy

    Additional Mindsphere Applications

      Agent Diagnostic

      Data Exploration

      MC Edge Analytics

      MC IOT Extension

        How can you activate MC IOT Extension App on your tenant?

          Requirements to be able to activate MC IOT Extension App on your tenant:

          1. You have a MindAccess IOT Value Plan or MindAccess Developer Plan
          2. You are TenantAdmin on the tenant.

          Hint: MC IOT Extension is not available for TRIAL Tenants and MindAccess Operator Plans.


          There are three ways to activate MC IOT Extension on your tenant.

          1. You have the Welcome email of your tenant. There is MC IOT Extension Activation mentioned and you can use the provided link to get MC IOT Extension App activated.
          2. You write an email to provisioning@mindsphere.io.
          3. You write a support ticket from your tenant in the top right corner with click on Mindsphere > Support.


          With option 2 and 3 please use the following template to provide the necessary information:


          Email Template to order IOT Extension via Mindsphere Provisioning or Support

            Subject: Activate MindConnect IoT Extension - Tenant: <Tenant Name>

            Email Body:

            Dear MindSphere User

            MindConnect IoT Extension is a connectivity layer that expands the number of protocols that can communicate with MindSphere. Various field protocols are supported along with an increased range of hardware connectivity agents that create direct connection to assets in the production environment. Use the complete environment to create and manage agents and devices. MindConnect IoT Extension is included in the MindAccess offerings with upgrades available for increases in data ingestion based on solution requirements.

            First Name:

            Last Name:

            Email (User Name):

            Instructions: Please provide the following information to request activation of MindConnect IoT Extension for your tenant <Tenant Name> and send the email.




        How you can enable Cloud Fieldbus / OPC UA Server for MC IoT Extension

        Your Login for MindConnect IOT Extension does not work?

          Note that the accounts for your Tenant and IOT Extension are different. Each of those two systems has its own user management. Thus, you will need to have two accounts when working with both tools (Tenant and IOT Extensions).

          For IOT Extensions, the tenant owner is initially given a password upon creation. He can then invite more users. We would ask you to speak to your Tenant Owner in order to invite you to the accounts.

      MC IOT Integrations

        Your Login for MindConnect Integration does not work?

          Note that the accounts for your Tenant and MindConnect Integration are different. Each of those two systems has its own user management. Thus, you will need to have two accounts when working with both tools (Tenant and Integration).

          For Integration, the tenant owner is initially given a password upon creation. He can then invite more users. We would ask you to speak to your Tenant Owner in order to invite you to the accounts.

      Predictive Learning

      Product Intelligence

      Visual Analyzer

      Visual Explorer / Connector

      Visual Flow Creator

    Custom Development

      Mindsphere API

        How to authenticate requests to the Mindsphere API?

          Mindsphere offers 3 different ways to authenticate requests to the Mindsphere API.



          - Mindsphere Developer Tenant

          - Traffic Outbound Upgrade (only for Service Credentials)



          1. Application Credentials (recommended)


          Application Credentials consist of a client_id and a client_secret. Both can be requested from the Developer Cockpit's Authorization Management, after the application has been created.



          Those credentials can then be used to request an application access token from the Token Management Service.



          Applications which use application credentials for the API authorization are automatically able to authenticate at the API's of the Operator Tenant and IOT Value Plan Tenant, after the application has been provisioned to those tenants.



          2. Service Credentials


          Service Credentials also consist of a client_id and a client_secret but act like a technical user (shadow user). They offer a static way for authentication to the API, because they can only be used at Developer Plan Tenants. The most common use case is for CI/CD pipelines or Self-Hosted applications (application which is not deployed to Cloud Foundry).




          3. Session Stealing (Recommended for Postman)


          After logging in to a Mindsphere Tenant, the user receives a Session cookie which keeps the current browser session active. This cookie can be used for authenticate requests to our API. The Cookie and its value can be read out via the browser console. The console can be opened with "F12". The exact place where the cookie can then be found depends on the used browser:


          Chrome: -> Application -> Cookies

          Firefox: -> Storage -> Cookies


          The roles and scopes of the cookie depend on the application from where the cookie was received. Example: The AssetManager combines all roles and scopes for the Asset Management API. A Cookie will have all those roles and scopes when using the Cookie from this application: https://{{Tenant_Name}}-assetmanager.{{region}}.mindsphere.io


          The same counts for every application which provides this cookie.


          Useful Links:



        How can you modify TimeSeries Data in Mindsphere?

        Are there some limits for IoT Time Series Service?

      Cloud Foundry

        How can I login to MindSphere Cloud Foundry?

          Once the CF CLI is set up, you can access MindSphere Cloud Foundry using the following command:

          cf login -a https://api.cf.{region}.{mindsphere-domain} --sso


          Cloud Foundry will point out a link where you can obtain a passcode to complete the login process using your MindSphere Webkey Credentials.

          Developer Documentation:


        Why are you not able to create a service in the Operator Org?

        How do you get access to your Cloud Foundry Org?

          The Mindsphere user roles (e.g.: Tenant Admin) and the Cloud Foundry role refer to two different accounts.
          When the Tenant is created, only the Tenant Owner will be assigned a role in the tenant and in the Cloud Foundry Org.

          The Tenant Owner is able to assign tenant admin role in the tenant to other users. In Cloud Foundry, like in the tenant, the Tenant Owner has to invite users and create Spaces and assign roles to the Org/Spaces.

          In order to get your role in cloud foundry, you need to contact the Tenant Owner.

          Please find here the documentation of how your Tenant Owner can add a new user to Cloud Foundry https://developer.mindsphere.io/paas/paas-cloudfoundry-howtos.html

        What are the most important Cloud Foundry CLI commands?

          The most important Cloud Foundry CLI commands can be found:

          • in the MindSphere Developer Documentation in the chapter "Cloud Foundry How Tos":

          • in the corresponding Cloud Foundry documentation:

          Please note that not all commands can be executed with the OrgManager role. In some cases the SpaceDeveloper role is necessary, e.g. to start or stop apps. You can find a complete overview at the following link:

        Why the invitation to Cloud Foundry failed with message: User could not be found?

          You want to invite a new user to your MindSphere Cloud Foundry Organization (Org) with the command cf set-org-role and see the following error:

          Server error, status code: 404, error code: 20003, message: The user could not be found: <Email address of the user>

          Please note the "Add a New User" description in the MindSphere "Cloud Foundry How Tos" documentation:

          Prerequisites for adding a new user:
          • The new user has access to a DevOps Plan.
          • The new user has logged into the Cloud Foundry once before (see Connecting to Cloud Foundry via CF CLI).

        How you check if CF buildpacks support a specific version of a programming language?

          1. Login to MindSphere Cloud Foundry
          2. Check with the command "cf marketplace" which buildpacks currently supported
          3. Go to https://github.com/cloudfoundry and search for the specific CF buildpack version
          4. Under the chapter “Packaged binaries” you can find the information which programming language versions are supported within this CF buildpack.
          5. You can use ^ ~ inside the package.json file to install a compatible or similar version.

        Which Backing Service Type should you use for productive environment

          Mindsphere recommends to use Backing Service M to use for productive environments. You have the following advantages:

          • More Harddisk/ more Memory
          • Redundancy
          • No downtime during updates in CloudFoundry

        Which users can access the Kibana dashboard for a logme instance?

          To access the Kibana Dashboard, the Role SpaceDeveloper for the relevant Space is needed.


      Mindsphere Resources

        Fleet Manager Plugin SDK

        MindSphere OS Bar

        MindSphere SDK V2 for Java

        MindSphere SDK for Node.js

        MindSphere Web Components

        Open Edge Device Kit

        MindSphere SDK for Python


        Which IP addresses are there to access application server/firewall settings?

          The IP addresses for your firewall settings in order to enable access to your application server can be found here:


          Note that there can be temporary situations where the IP addresses provided are not reachable (e.g. in case of a fallback). Any permanent change will be updated in the documentation as provided above.


          The IP address mention in document is not sufficient

        How can I identify the user that is logged into my custom MindApp?

        How to get Service Credentials for my Self-Hosted Application?

          Please note the "Creating Service Credentials" description in the MindSphere Developer Documentation under the chapter "How Tos":

          • MindAccess DevOps Plan - this is your MindSphere account (tenant)
          • Service Credentials for IoT Value Plan Tenants cannot be created, because a DevOps Plan is needed for developing purposes
          • mdsp:core:TenantAdmin role
          • Outbound Traffic Upgrade - this includes a data volume for consuming MindSphere services from outside of the MindSphere platform

          Creating Service Credentials:
          In order to create new or update existing service credentials, you have to make a service request to the MindSphere Support using a special template which can be found under:


        How you get support for Mendix apps on MindSphere?

        How to solve Mendix error "The given CockpitApplicationName Change%20me was not found in the provided authorization information"

          The constant (CockpitApplicationName) must be set to the "Internal Name" of the app under which the app was registered in the Developer Cockpit. This can either be done directly in the app by overwriting the value or better than Cf environment variable via manifest:

          MX_MindSphereSingleSignOn_CockpitApplicationName: NAME_OF_THE_APP

          NOTE: Make sure to "Commit" your changes in the Mendix Modeler before publishing your application to Mindsphere

          Configure App Name

    Application Examples

      MindConnect Function Block S7-1500 (MCFB)


      How to provide Logfiles or Screenshots to the MindSphere Support Team?

        Siemens Customers:

        Log files or screenshots can be provided to the MindSphere Support Team by attaching those files to the reply of the welcome email (IR Has Been Created) of the previously created support ticket.

        External Customers:


        After the IR has been created, log files con be provided by uploading them to the following URL: