IoT Command Control Flow: Mermaid Sequence Diagram

IoT Command Control Flow sequence diagram

About Source

IoT command and control flow describes the sequence of messages exchanged when an operator or automated system sends a command — such as "set thermostat to 22°C" or "open valve for 30 seconds" — to a remote device, including authorization checks, delivery acknowledgement, execution confirmation, and timeout handling.

Reliable command delivery is harder than it appears because IoT devices are frequently offline, on intermittent connections, or slow to process commands due to constrained hardware. A well-designed command flow must handle all of these cases without losing commands or sending them twice.

Commands originate from one of three sources: an operator acting through a management dashboard, an automation rule firing in response to a sensor event, or an external system integrating via API. All three paths route through the same command API, which enforces authorization — does this caller have permission to send this command type to this device?

Authorised commands are stored in a command queue in the cloud device shadow or job store before delivery is attempted. This persistence means commands survive transient device disconnections. The cloud platform publishes the command to the device's subscribed MQTT topic. If the device is connected, it receives the command promptly and publishes an execution acknowledgement back to the platform. If the device is offline, the retained message waits and is delivered on next connection.

The device executes the command and publishes a completion status — either success with the new state, or failure with an error code. The command queue marks the job complete. If no acknowledgement arrives within a configurable timeout window, the platform marks the command as timed-out and raises an alert. Operators can inspect failed or timed-out commands and choose to retry or escalate. For the authentication layer underpinning this channel, see IoT Device Authentication. For firmware update commands specifically, see IoT Firmware Update Flow.

Frequently asked questions

IoT command and control flow is the sequence of messages exchanged when an operator or automation sends a command to a remote device, covering authorisation, persistent queuing, delivery over MQTT, execution acknowledgement, completion reporting, and timeout handling. It ensures commands are not lost during device disconnections and are not delivered more than once.

Commands from an operator dashboard, an automation rule, or an external API are authorised and stored in a cloud command queue before delivery is attempted. The platform publishes the command to the device's MQTT topic; the device acknowledges receipt, executes the command, and publishes a completion status. If the device is offline, the queued command is delivered on reconnection. If no acknowledgement arrives within the timeout window, the platform marks the command timed-out and raises an alert.

Use a persistent command queue whenever devices may be offline at the moment a command is issued. Without persistence, commands sent to a disconnected device are silently dropped. Persistence also enables audit trails, retry logic, and command deduplication — critical for commands that control physical actuators where duplicate execution could cause safety issues.

Common mistakes include not persisting commands before attempting delivery, so a device that reconnects after an outage never receives the command. Others are setting too short a timeout so transient delays cause false failures, omitting idempotency keys so retried commands execute twice, and not separating command authorisation from command delivery so a single compromised component can issue arbitrary commands.

mermaid

sequenceDiagram
    participant Operator as Operator / Automation
    participant API as Command API
    participant Auth as Authorization Service
    participant Queue as Command Queue
    participant Platform as IoT Platform
    participant Device as IoT Device

    Operator->&gt;API: Submit command\n(device ID, action, params)
    API->&gt;Auth: Check permission\n(caller, device, command type)
    Auth->&gt;API: ALLOW / DENY
    alt Not authorized
        API->&gt;Operator: 403 Forbidden
    else Authorized
        API->&gt;Queue: Persist command\n(status: PENDING)
        API->&gt;Operator: 202 Accepted (command ID)
        Queue->&gt;Platform: Dispatch command to device topic
        Platform->&gt;Device: Publish command via MQTT retained
        alt Device connected
            Device->&gt;Platform: PUBACK (message received)
            Platform->&gt;Queue: Update status: DELIVERED
            Device->&gt;Device: Execute command
            Device->&gt;Platform: Publish completion status\n(success / error code)
            Platform->&gt;Queue: Update status: COMPLETED
            Queue->&gt;Operator: Webhook / push notification
        else Device offline or timeout
            Queue->&gt;Queue: Wait for acknowledgement
            note">Note over Queue: Timeout window expires
            Queue->&gt;Platform: Mark command TIMED_OUT
            Platform->&gt;Operator: Alert: command not acknowledged
        end
    end