> For the complete documentation index, see [llms.txt](https://developer.magtek.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://developer.magtek.com/hardware/card-readers/mms-dyna-devices/emv-common-kernel/dynaflex-ii-go/documents/user-manuals/web-hid-mqtt-wss-demo-app-user-guide/using-the-demo-pages.md).

# Using the Demo Pages

These instructions detail the operational steps once all necessary configurations (Section 2) are complete. If connecting via USB HID, the steps listed in section 2 can be skipped.

### HID MMS Demo (Direct USB HID) <a href="#bookmark10" id="bookmark10"></a>

The Human Interface Device (HID) protocol enables driverless plug-and-play connectivity for your device via USB.

* Ensure the device is powered on and connected via USB.
* If this is the first time, you may have to pair the device in the Chromium browser, which involves granting the website permission via a pop-up prompt.
* From the Demo Application, select Open, and choose the appropriate device. A green check mark confirms the device is successfully opened.
* From the command dropdown menu, select a command such as DynaFlex: START EMV ALL.
* Select Send Command to execute the action.
* Insert or tap a test card and monitor the transaction log for the response.

<figure><img src="/files/AvrQgQgByHpPqgGT4YgZ" alt=""><figcaption></figcaption></figure>

<p align="center"><img src="/files/8GFFAHZslTQfTasWjQBW" alt=""><br></p>

<p align="center"><strong>Figure 3 - HID MMS Demo</strong></p>

### MQTT

Message Queuing Telemetry Transport (MQTT) is a lightweight messaging protocol commonly used for Internet of Things (IoT) applications. It provides efficient, reliable communication between devices and applications, even in environments with limited connectivity. IMPORTANT: DynaFlex II PED is the only device that supports native MQTT. All other Dyna Devices must use the HID MQTT Device Client.

Key characteristics include:

* Publish/Subscribe model – Devices publish data to a central broker; applications subscribe to receive data.
* Low overhead – Messages are compact and efficient, suitable for embedded systems.
* Real-time updates – Events such as card insertions are transmitted immediately to the Demo Application.
* Cross operating system and cross browser connectivity: MQTT ensures seamless interaction because it is platform-agnostic, meaning devices running Windows, Linux, macOS, or embedded OS, and applications running in different browsers, can all connect and exchange messages reliably.

Within the HID MQTT Device Client and MQTT MMS Demo, this protocol enables MagTek MMS devices (e.g., Dyna Family Devices) to securely communicate via MQTT across operating systems.

<figure><img src="/files/zzIzJ0Y5LVOkaiTkbnRa" alt=""><figcaption></figcaption></figure>

<p align="center"><strong>Figure 4 - MQTT Geographic Map</strong></p>

<figure><img src="/files/wSOzmV15fpr7fU868epl" alt=""><figcaption></figcaption></figure>

<p align="center"><strong>Figure 5 - MQTT MMS Demo</strong></p>

#### Components:

* Configured Device – Identifies the active device.
* Status Indicator – A green check mark indicates a successful connection.
* Options – Auto Start, EMV, NFC, and MSR session checkboxes.
* Command Data – Field for entering or pasting hexadecimal command data.
* Controls – Dropdown for pre-defined commands (e.g., START EMV) and Send Command button.
* Device Instances – Displays connected devices with selectable IDs.
* File Upload – Allows uploading of command scripts or batch test files.

#### Example Command Data (Hexadecimal): (Start Transaction command (arms Contact, Contactless and MSR interfaces))

```
AA008104010010018430100182013CA30981010182010183010184020003861A9C0100 
9F02060000000001009F03060000000000005F2A020840
```

The command above, and others can be selected from the pulldown menu. The Choose File button allows the user to upload custom commands from a file. This screen also confirms device recognition, command formatting, and connectivity prior to further testing.

### HID MQTT Device Client <a href="#bookmark14" id="bookmark14"></a>

The HID MQTT Device Client acts as a communication gateway that transforms your locally connected MagTek device (via USB HID) into a remote asset. This allows other applications to access the device securely via the MQTT protocol. IMPORTANT: DynaFlex II PED is the only device that supports native MQTT which means it does NOT need to use the HID MQTT Device Client.

* Power on and connect the device via USB.
* Open the HID MQTT Device Client page.
* Select Open within the client.
* Scan the QR code or select the provided link to open the separate MQTT Device Demo Application.
* From the MQTT Device Demo Application’s dropdown, select the required command, or use Choose File to upload a custom command script.&#x20;
* Select Send Command to execute the command remotely.

<figure><img src="/files/KYG18OPcP8JHCVRoAw0Y" alt=""><figcaption></figcaption></figure>

<p align="center"><strong>Figure 6 - HID MQTT Device Client</strong></p>

The MQTT Geographic Map displays device location and status for connected units, see Figure .

<br>

### 2.1           MQTT Configuration Page <a href="#bookmark15" id="bookmark15"></a>

The MQTT Configuration page provides controls and parameters necessary for device operation over MQTT.

* Device Status Panel – Displays device information (model, name, IP address, SSID) and records configuration progress.
* Controls – Includes Open, Save Config, Reset Device, Close, and Clear.
* Wi-Fi Settings – SSID and password configuration.
* MQTT Credentials – Org Node, username, and password for broker authentication.
* Once configuration is complete and saved, the user may proceed to execute commands such as Start EMV. See Figure 7 - MQTT Configuration.

<figure><img src="/files/DpBFLI5ve7x3m2n4XqUz" alt=""><figcaption></figcaption></figure>

<p align="center"><strong>Figure 7 - MQTT Configuration</strong></p>

### WSS Certificate and Trust

This interface is used to configure secure communication with WebSocket transport using TLS or mTLS. Functions include:

* &#x20;Network Settings – Get DHCP and Set SSID.
* Wi-Fi Setup – Retrieve or assign SSID and password credentials.
* Certificate and Trust Management – Load TLS/mTLS certificates, verify certificates, and generate or sign Certificate Signing Requests (CSR).
  * For NonTLS connection,
    * Click Load NoTLS Trust
    * Next, reset the device.
  * For TLS/mTLS connections,
    * Click Load TLS Trust or Load mTLS Trust
    * Next, click Get & Sign CSR
    * Next, reset the device.
* Controls – Open, Close, Clear, and Reset Device.
* Device Identity – Display or update the registered device name and IP address.
* Root CA Download – Provides access to the root certificate authority file for verification.

{% hint style="warning" %}
**Error Condition:** If the status window displays *“OpenDevice No HID device selected or found”*, ensure the reader is connected via USB HID prior to attempting certificate operations.
{% endhint %}

<p align="center"> <img src="/files/jsC7avNu8EZsyJpPHgCv" alt=""></p>

<p align="center"><strong>Figure 8 - WebSocket Certificate and Trust Configuration</strong></p>

### Technical Notes on WSS Hostname Resolution and Certificate Lifecycle&#x20;

When using WSS (WebSockets over SSL/TLS) with DynaFlex devices, the following technical considerations are critical for IT teams to ensure reliable and secure communication.

#### Hostname Constraint and Certificate Matching

The default SSL certificate pre-installed on DynaFlex devices is uniquely generated for each device and tied to a hostname in the format df-\[SerialNumber] (e.g., df-1234567). This certificate is used to establish the WSS connection.

* SSL/TLS certificates are literal. The browser (or any WebSocket client) validates that the hostname used in the connection URL exactly matches the certificate's Subject Name or Subject Alternative Name (SAN). If the URL uses wss\://df-1234567/ but the network appends a domain suffix (e.g., df-1234567.office.lan), the browser will reject the connection as insecure because the names do not match.
* IP addresses cannot be used. Connecting via wss\://192.168.1.50/ will trigger a SAN missing error because the certificate is issued to a name, not an IP address.

Therefore, the network must be configured to resolve the short hostname (e.g., df-1234567) to the device's IP address. The following options are available:

* Option A: Global Search Suffix (Recommended)\
  Configure the DHCP server to add a Connection-Specific DNS Suffix (via DHCP Option 15/119). This allows client computers to automatically map the short name to the device without manual DNS entries.\
  \&#xNAN;*Action:* Add your local domain to the DHCP option list so that df-\[SerialNumber] resolves correctly.
* Option B: The "Trailing Dot" Override\
  If DNS search suffixes are misconfigured or polluted, you can force the browser to look for the bare hostname by appending a trailing dot to the URL.\
  \&#xNAN;*Standard URL:* wss\://df-12345678/ (the OS may append the domain)\
  \&#xNAN;*Forced URL:* wss\://df-12345678./ (the trailing dot forces an exact hostname lookup)
* Option C: CNAME or A-Record in Local DNS\
  For networks with a central DNS server, create a static entry.\
  \&#xNAN;*Action:* Create a forward lookup zone with an A record (or CNAME) for df-\[SerialNumber] pointing to the device's static IP address.

#### &#x20;Certificate Expiration and Renewal Strategy

The WSS connection relies on a server certificate installed on the device. As of this writing, the demo application signs certificates with a validity period of 13 months. After expiration, any WSS communication will fail silently due to browser security policies—no manual override is possible for WebSocket connections.

* Best Practice: Certificates must be replaced before they expire. A certificate update strategy must be employed when deploying devices in production using WSS.
* Renewal Process: Use the WSS Certificate and Trust page to generate a new Certificate Signing Request (CSR) and load a renewed certificate. Refer to the steps for loading TLS trust and resetting the device.
* Monitoring: Implement monitoring to alert administrators when certificate expiration is approaching (e.g., 30 days prior).

By adhering to these hostname resolution and certificate lifecycle guidelines, you ensure uninterrupted and secure WSS communication with your DynaFlex devices.

<p align="center"> </p>

&#x20;


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.magtek.com/hardware/card-readers/mms-dyna-devices/emv-common-kernel/dynaflex-ii-go/documents/user-manuals/web-hid-mqtt-wss-demo-app-user-guide/using-the-demo-pages.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.