oneM2M REST Resources


Common Services Entity (CSE) Base

A <CSEBase> resource represents a CSE and serves as the root resource for all resources that are residing in the CSE. 


Application Entity (AE)

An <AE> resource represents an Application Entity that is registered to a CSE.  An <AE> resource supports attributes such as identifiers, contact information, status and capabilities of the Application Entity.  An <AE> resource also serves as the root resource for all child resources of the Application Entity. For example, <container>, <flexContainer>, <subscription> and <group> resources of an Application Entity. 



Containers describe attributes of the data and child resources which are useful for representing hierarchical data structures. They can be created and organised in a similar manner to folders on a computer. Each Container is allocated a unique ID and property fields that hold information about that container’s contents. A container can contain additional containers which are analogous to subfolders on a computer.

A Container for data instances is represented by the <container> resource. It stores data that is used to share information with other entities and to track data. A <container> resource does not store actual values in the resource itself. Actual values from a sensor, for example, are stored in child-resources of <container>, i.e. <contentInstance> or further <container> resources. A single <contentInstance> contains a single piece of data sent by the publishing application. 

<container> is the only resource allowed to have recursive child resources i.s. A <container> resource can have other <container> resources as child resources. This property is useful for representing hierarchical data structures.


Access Control Policy

Access Control Policies (ACPs) are used by the CSE to control access to resources. Resources are always linked to Access Control Policies. ACPs are shared between several resources.

Access Control Policies contain the rules (Privileges) defining:

  • WHO can access the Resource (e.g. Identifiers of authorized AE/CSE).

  • For WHAT operation (CREATE / RETRIEVE / UPDATE / DELETE...).

  • Under WHICH contextual circumstances (Time, Location, IP address). 

ACPs are represented by <accessControlPolicy> resources.These consist of privilege and selfPrivilege attributes that implement Access Control Rules (acr) through Access Control Originator (acor) and Access Control Operation (acop) procedures.

Access Control Operations are invoked through a value that is set on the basis of designated operation codes. The value ‘5’, for example, corresponds to “CREATE and UPDATE” operations.

Operation Code

  • CREATE 1


  • UPDATE 4

  • DELETE 8

  • NOTIFY 16



Common attribute accessControlPolicyIDs link resources that are not <accessControlPolicy> resources to <accessControlPolicy> resources. All resources are accessible only if the privileges from the ACP grants it. All resources have an associated accessControlPolicyIDs attribute, either explicitly or implicitly.


Subscription & Notification

Events generated by resources can be received using the <subscription> resource. The <subscription> resource contains subscription information for its "subscribed-to" resource. The <subscription> resource is a child resource of the "subscribed-to" resource.

The originator (resource subscriber) has RETRIEVE privileges to the "subscribed-to" resource in order to create the <subscription> resource.

Notification policies specified in the attributes can be applied to the <subscription>. These specify which, when, and how notifications are sent. An example is the batchNotify attribute which indicates the receipt of notifications in batches rather than one at a time.



Resource Discovery can be accomplished using the RETRIEVE operation by an Originator.

Use of the filterCriteria parameter allows developers to limit the scope of results through parameters such as Type, Labels, Content Size.



A <group> resource represents a group of resources. A <group> resource can be used to do bulk manipulations on the member resources of the group. The <group> resource contains an attribute (i.e. memberIDs) that represents the members of the group and a <fanOutPoint> virtual resource that enables operations to be performed on all these member resources in either a unicast or multicast fashion. 


A <flexContainer> is a customizable container for data instances. Like a <container> resource, <flexContainer> resources are used to share information with other entities and potentially to track the data. While the <container> resource includes data to be made accessible to oneM2M entities inside <contentInstance> child resources, a <flexContainer> resource supports content directly inside the <flexContainer> resource by means of one or more custom attribute(s). The attribute name and attribute data type of each custom attribute are defined explicitly for each customized <flexContainer>, i.e. the specific set of attribute name and type are defined in a corresponding XSD-file.