Blog
How to
How TagoIO Works
People often ask us for an overview of how TagoIO works. We've been putting off answering that, because we kept evolving and improving! But now that our architecture has matured, we're ready to share the complete picture.
TagoIO Team
Oct 15, 2025
Let's walk through the entire TagoIO system from bottom to top, the same way we built it (but skipping some of the experimental paths we took along the way). With this information, you should understand how to build production-ready IoT solutions on TagoIO... except you don't have to start from scratch, since our platform offers a flexible free plan and handles all the infrastructure complexity for you.
The Foundation
Our base layer is designed to accept data from virtually any IoT device, regardless of the communication protocol it uses. TagoIO supports over 500 different types of IoT devices through what we call Networks and Connectors—the two fundamental components that handle device integration.
A Network represents the communication protocol or integration method (LoRaWAN, NB-IoT, CAT-1, CAT-M, Sigfox, BLE, WiFi, MQTT, HTTP, satellite networks like Myriota, skylo, or Kineis, and many others). A Connector is the pre-configured decoder that understands how to parse data from specific device manufacturers.
Here's what makes this powerful: when your temperature sensor sends data via LoRaWAN, or your GPS tracker transmits via satellite, or your industrial equipment reports via MQTT, TagoIO automatically routes that data through the appropriate network integration and connector to decode it into a standardized format.
Why This Matters: The Traditional Approach
Traditionally, IoT developers face a painful integration challenge. Imagine you're building a smart city solution. You have:
Environmental sensors using LoRaWAN
Traffic cameras sending analyzed data via HTTP
Smart meters communicating through NB-IoT
Legacy equipment that only speaks Modbus
Without a platform like TagoIO, you'd need to:
Build separate backend endpoints for each protocol
Write custom parsers for each device manufacturer's data format
Maintain different database schemas for different device types
Create multiple authentication systems
Build redundant visualization and alerting systems for each device type
That's an enormous amount of infrastructure work before you even start building your actual application.
The TagoIO Approach: Unified Device Management
Instead, TagoIO provides a single unified interface. Here's what happens when a device sends data:
Device transmits data using its native protocol (LoRaWAN, HTTP POST, MQTT publish, etc.)
Network integration receives the data at TagoIO's global endpoints
Connector decodes the manufacturer-specific payload into standard variables
Device bucket stores the decoded data in optimized time-series storage
Your application can immediately access, visualize, and act on this data
The beauty of this system is that whether you have 10 devices or 10,000 devices using 20 different protocols, they all flow through the same elegant pipeline. You write your application logic once, and it works across all your device types.
The Data Layer: Flexible Storage Architecture
Once data arrives at TagoIO, it will be stored efficiently. We offer two distinct storage architectures for massive data coming from IoT devices, each optimized for different use cases.
Mutable Devices: Traditional IoT Storage
Mutable devices work like a traditional database table. Each data point can be created, read, updated, or deleted. This is perfect for:
Configuration parameters that change occasionally
Device metadata and status information
Small to medium-scale deployments
Applications requiring full CRUD operations
Limited to 50,000 data registers
Think of mutable devices as your go-to solution for straightforward IoT applications where you need flexibility and don't expect massive data volumes.
Immutable Devices: High-Performance Time-Series
Immutable devices are designed for high-throughput sensor data. Once written, data cannot be modified—only created and read. This architectural decision enables dramatic performance improvements:
10-100x faster ingestion compared to mutable storage
Automatic data retention policies (chunk by day, week, month, or quarter)
Optimized queries for time-series analysis
Lower storage costs at scale
When you're collecting GPS coordinates every 10 seconds, temperature readings every minute, or industrial sensor data at high frequency, immutable devices handle millions of data points effortlessly.
The choice between mutable and immutable isn't either/or. Many solutions use both: immutable devices for high-volume sensor telemetry, and mutable devices for device configuration and metadata.
Entities: Next-Generation Database
For applications requiring complex data structures beyond simple time-series, TagoIO offers Entities—our next-generation database system. Entities provide:
Custom schemas with flexible field types
Relational data modeling capabilities
Advanced querying and filtering
High-performance operations on structured data
Entities are ideal for building applications like asset management systems, inventory tracking, user profile storage, or any scenario where your data doesn't fit the traditional IoT device model.
Note: The combination of mutable devices, immutable devices, and entities gives you the flexibility to optimize storage for each type of data in your application. Use immutable for high-frequency telemetry, mutable for configuration and metadata, and entities for relational data structures. This architectural flexibility is key to building applications that scale efficiently.
The Intelligence Layer: Analysis and Automation
Collecting and storing data is just the beginning. The real value comes from processing that data intelligently. This is where TagoIO's Analysis and Actions modules come in.
Analysis: Serverless Compute for IoT
Analysis provides a serverless JavaScript or Python environment where your code runs in response to events. Think of it as AWS Lambda, but designed specifically for IoT workflows.
Each Analysis is a single-file script that can:
Process incoming device data in real-time
Make decisions based on sensor readings
Call external APIs and services
Write data back to devices
Trigger workflows across your entire IoT ecosystem
For example, you might write an Analysis that:
Monitors temperature sensors across a factory
Calculates rolling averages and anomaly scores
Checks readings against safety thresholds
Sends alerts when conditions are abnormal
Automatically adjusts HVAC systems to compensate
The key insight is that Analysis scripts run in the cloud, triggered by device events, on schedules, or via API calls. You don't manage servers, containers, or infrastructure—you just write the logic.
Actions: Event-Driven Automation
While Analysis handles computation, Actions handle automation. Actions are powerful if-this-then-that rules that trigger automatically based on conditions you define.
Actions can be triggered by:
Device data conditions: Temperature exceeds threshold, GPS enters geofence, battery drops below 20%
Resource events: New device created, user account modified, file uploaded
Time-based schedules: Daily reports, weekly summaries, monthly aggregations
Usage alerts: Approaching data limits, API quota warnings
When triggered, Actions can:
Run Analysis scripts
Send emails, SMS, or push notifications
Post to external webhooks
Publish MQTT messages
Send WhatsApp messages via Twilio
Queue tasks to AWS SQS
The power of Actions is in their simplicity—you define the business logic once, and TagoIO handles all the monitoring, triggering, and execution automatically, 24/7.
The Visualization Layer: Dashboards and Widgets
Data and intelligence mean nothing if users can't see and interact with them. TagoIO's Dashboard system provides the visualization layer of the platform.
Drag-and-Drop Dashboard Builder
Creating dashboards in TagoIO doesn't require front-end development. Our visual builder lets you:
Drag widgets onto a canvas
Configure data sources with a few clicks
Customize colors, layouts, and styling
Add interactivity and user controls
Deploy to users instantly
We provide dozens of pre-built widgets:
Real-time charts (line, bar, column, gauge, donut)
Maps with device location tracking
Tables with filtering and sorting
Input forms for device control
Custom HTML for specialized needs
The critical feature here is the Blueprint system. Build one dashboard template, then automatically deploy it to hundreds or thousands of devices. Update the blueprint, and all instances update. This is how you scale from a proof-of-concept to a production deployment with thousands of end users.
TagoRUN: White-Label Deployment
When you're ready to deploy your solution to customers, TagoRUN transforms your TagoIO application into a fully white-labeled product.
With TagoRUN, you can:
Use your own custom domain (app.yourcompany.com)
Apply your company branding, colors, and logo
Control exactly what features users can access
Manage user authentication and permissions
Provide mobile app access through the TagoRUN mobile app
Your customers see your brand, not TagoIO. They log in to your portal, see your styling, and use your product—while you benefit from TagoIO's enterprise-grade infrastructure underneath.
This is particularly powerful for companies building IoT products or services for their own customers. You develop once on TagoIO, then deploy to thousands of end users as a completely white-labeled solution.
The Security Layer: Authentication and Access Control
Security in IoT is complex because you're not just securing a web application—you're securing thousands of devices, each with unique authentication requirements, plus user access to dashboards and data.
Device Authentication: Tokens and Security
Every device in TagoIO authenticates using secure tokens. When you create a device, you generate an authorization token—a cryptographic string that grants that specific device permission to send data to its bucket.
For enterprise deployments, TagoIO also supports machine certificates for even stronger device authentication.
User Authentication: SSO and Identity Providers
For human users accessing dashboards and managing the platform, TagoIO integrates with your existing identity provider:
OAuth2 and OpenID Connect support
SAML for enterprise SSO
Pre-built integrations with Google, Microsoft, Okta, and others
Two-factor authentication (2FA) support
The critical advantage is that TagoIO doesn't store your user passwords. Authentication is always delegated to your chosen identity provider. When an employee joins or leaves your company, they gain or lose TagoIO access automatically through your identity provider. No manual account management needed.
Access Management: Granular Permissions
Once authenticated, Access Management controls what users can do and see. TagoIO's permission system is remarkably flexible:
Resource-level permissions: Which dashboards, devices, analyses, and actions can this user access?
Role-based access control (RBAC): Define roles like "Operator," "Manager," "Administrator" with different permission sets
Tag-based access: Grant access to groups of devices using tags (e.g., all devices with tag "region:europe")
Custom permission logic: Use Analysis scripts to implement complex permission rules
For example, in a smart building application:
Building tenants see only their own floor's sensor data
Facility managers see all floors but can't modify system settings
System administrators have full access to all devices and configurations
This granular control is essential for multi-tenant applications, enterprise deployments, and compliance requirements.
Note: Access Management works seamlessly with tags. You can grant a user access to "all devices tagged region:north-america" without manually updating permissions every time you add a new device. Add the tag to a new device, and the user automatically gains access. This tag-based approach is critical for applications that scale to thousands of devices and users.
The Integration Layer: Connecting to the World
No IoT platform exists in isolation. TagoIO applications need to integrate with payment systems, CRM platforms, ERP systems, weather services, external databases, and countless other systems.
RESTful API: Full Platform Control
TagoIO provides a comprehensive RESTful API that exposes virtually every platform capability:
Create, read, update, delete devices and data
Trigger Actions and Analysis
Generate authentication tokens
Manage users and permissions
Create and modify dashboards
The API uses standard HTTP with JSON payloads, making it easy to integrate from any programming language or platform.
MQTT Broker: Real-Time Bidirectional Communication
For real-time device communication, TagoDeploy includes a built-in MQTT broker. MQTT is the de facto standard for IoT messaging, and TagoIO's implementation lets you:
Publish data from devices to topics
Subscribe to topics from devices or applications
Implement command-and-control patterns
Build real-time responsive systems
The MQTT integration is fully authenticated using device tokens and supports both QoS 0 (fire-and-forget) and QoS 1 (acknowledged delivery).
Webhook Actions: Push Integration
Rather than external systems polling TagoIO's API, you can push data out through webhook Actions. When conditions are met, TagoIO makes HTTP POST requests to your external endpoints with device data and event information.
This pattern is perfect for:
Sending data to external analytics platforms
Triggering workflows in other systems
Updating external databases in real-time
Integrating with payment processors when IoT events occur
Pre-Built Integrations
TagoIO also provides pre-built integrations with popular services:
LoRaWAN network servers (The Things Network, Netmore, Loriot, Chirpstack, AWS IoT Core for LoRaWAN)
Satellite IoT providers (Myriota, Kineis, skylo)
Communication services (Twilio for SMS/WhatsApp, SendGrid for email)
These integrations work out-of-the-box, eliminating weeks of integration development time.
The Deployment Layer: Where Your Application Runs
We've discussed what TagoIO does, but where does it run? This is where architecture meets business model.
Multi-Tenant Cloud: Fast Start, Low Cost
When you sign up at admin.tago.io, you're using TagoIO's multi-tenant cloud. Your account shares infrastructure with other TagoIO users (with complete data isolation and security, of course).
This model is ideal for:
Quick prototyping and testing (start in minutes)
Small to medium deployments
Cost-effective scaling
Zero infrastructure management
The multi-tenant model uses shared infrastructure efficiently, which is why TagoIO can offer such powerful capabilities in the free tier. As you scale, you pay only for what you use.
TagoDeploy: Single-Tenant Dedicated Infrastructure
For enterprise deployments requiring dedicated infrastructure, TagoDeploy offers a single-tenant architecture. With TagoDeploy, you get:
Dedicated cloud infrastructure exclusively for your organization
Regional deployment options: Ireland, Canada, Germany, Japan, Singapore, Australia, São Paulo
Full control over updates and platform versions
Optimized costs for high-volume data processing (often 10x cheaper than multi-tenant at scale)
Enhanced compliance for regulated industries
Customization options not available in multi-tenant
TagoDeploy runs the complete TagoIO platform on dedicated cloud resources. It's the same powerful platform, just deployed exclusively for your use case.
The choice between multi-tenant and single-tenant isn't permanent. Many companies start with multi-tenant for development and testing, then migrate to TagoDeploy for production when they've validated their solution and are ready to scale.
Scaling to Production: How TagoIO Handles Massive Deployments
Let's address the question that matters most when you're building a real business: How does TagoIO scale from 10 devices to 10,000 devices without requiring you to rebuild your application?
This is where most IoT platforms fall apart. You build a proof-of-concept that works beautifully with 50 test devices, then try to deploy to production with thousands of devices and discover you need to completely re-architect everything. Permissions become a nightmare. Dashboards need to be manually created for each customer. Actions need to be duplicated hundreds of times with slight variations.
TagoIO was designed from day one to handle this scaling challenge through three key architectural features: Tags, Blueprint Dashboards, and Tag-Based Triggering.
Real-World Scenario: Fleet Management at Scale
Imagine you're building a fleet management platform for a logistics company that's rapidly expanding. You started with a pilot program monitoring 50 trucks. It worked so well that now you need to scale to:
5,000 trucks across 12 regional depots
2,000 users including drivers, regional managers, and executives
Multiple customers using your white-labeled platform (you're not just managing one fleet—you're building a fleet management service for multiple logistics companies)
Let's see how TagoIO's architecture handles this scaling challenge.
Tags: The Foundation of Scale
Every resource in TagoIO (devices, dashboards, actions, analyses, users) can be tagged with key-value pairs. This might seem like a simple metadata feature, but it's actually the architectural foundation that makes scaling possible.
When you create a truck device, you tag it with descriptive labels: asset type (truck), region (northeast), depot (boston), customer (acme_logistics), vehicle class (refrigerated). These simple tags unlock powerful automation.
Now here's where it gets powerful:
1. Automatic Permissions Instead of manually granting each regional manager access to their specific 500 trucks, you create one permission rule:
Regional Manager (Northeast) has access to all devices with tag
region:northeast
Add a new truck to the Boston depot? Tag it region:northeast and the regional manager automatically gets access. No permission updates needed. Scale to 5,000 trucks? Still just one permission rule.
2. Targeted Actions Instead of creating 5,000 separate Actions (one per truck), you create Actions that trigger based on tags. For example, a single "Temperature Alert for Refrigerated Fleet" Action can monitor all trucks tagged as "refrigerated" vehicles. If the temperature exceeds 4°C, it sends an SMS to the driver and emails the depot manager.
One Action configuration monitors all refrigerated trucks across all regions. Add 500 new refrigerated trucks? They're automatically monitored by the existing Action the moment you tag them correctly.
3. Filtered Dashboards A regional manager's dashboard can show "all trucks where tag region:northeast". As trucks are added, removed, or reassigned to different regions (just change the tag), the dashboard automatically updates. No manual dashboard reconfiguration needed.
4. Bulk Operations Need to update firmware settings on all trucks in the Northeast region? Query all devices with the "northeast" region tag and update them all at once. No need to manually select thousands of individual devices.
Tags transform manual, per-device configuration into automated, policy-based management. This is how you go from managing 50 devices to managing 5,000 without proportionally increasing operational complexity.
Blueprint Dashboards: Deploy Once, Scale Forever
Now let's tackle the dashboard problem. With 5,000 trucks and 2,000 users, you can't manually create a dashboard for each truck or each user. This is where Blueprint Dashboards become essential.
Here's how it works:
Step 1: Create One Master Dashboard You design a single dashboard template—the "blueprint"—that shows truck telemetry:
Real-time GPS location on a map
Temperature and humidity graphs
Fuel level gauge
Engine diagnostics table
Driver status and alerts
This dashboard uses template variables instead of hardcoded device IDs. Instead of building a dashboard specifically for "truck 12345," you build it for "DEVICEIDDEVICE_ID DEVICEID"—a placeholder that gets replaced with the actual device when the dashboard is deployed.
Step 2: Define Blueprint Assignment Rules You tell TagoIO: "Create an instance of this blueprint dashboard for every device tagged asset_type:truck"
Step 3: Automatic Dashboard Deployment TagoIO automatically creates 5,000 dashboard instances—one for each truck—each connected to the correct device. Add a new truck? A new dashboard instance is created automatically.
Step 4: User Access via Tags Assign dashboard access using tags:
Drivers see only the dashboard for their assigned truck (via tag
assigned_driver:john_doe)Regional managers see dashboards for all trucks in their region (via tag
region:northeast)Executives see a summary dashboard aggregating data from all trucks
Step 5: Update Once, Deploy Everywhere Here's the magic: when you improve the blueprint (add a new widget, change a layout, fix a bug), all 5,000 dashboard instances update automatically. You maintain one dashboard, but 5,000 users benefit from your improvements instantly.
The Complete Scaling Picture
Let's see how tags and blueprints work together in our fleet management scenario:
Onboarding a New Customer (Acme Logistics - 1,000 trucks)
Traditional Approach:
Manually create 1,000 devices
Manually configure 1,000 dashboards
Manually set up permissions for 400 users
Manually create Actions for each device
Estimated time: 2-3 weeks of manual configuration
TagoIO Approach:
Bulk create 1,000 devices with appropriate tags using TagoIO's API
Dashboards auto-generate from existing blueprint (no manual configuration needed)
Create one permission policy per region that automatically grants access based on tags
Existing Actions automatically apply based on device tags (no duplication needed)
Estimated time: 2-3 hours
Managing 5,000 Trucks Across 12 Regions
One blueprint dashboard → 5,000 dashboard instances
Twelve permission policies (one per region) → 2,000 users with correct access
15 Actions monitoring different conditions → apply to all relevant trucks automatically
One Analysis processing geofence logic → handles all trucks regardless of count
The operational complexity stays constant even as device count grows exponentially.
Tag-Based Action Triggering: The Key to Scalable Automation
Remember earlier when we discussed Actions? Here's where tag-based triggering becomes critical at scale.
Instead of creating device-specific Actions—"Temperature alert for truck_001," "Temperature alert for truck_002," and so on for 5,000 trucks—you create tag-based Actions.
Create one Action called "Temperature Alert - Refrigerated Fleet" that triggers on any device tagged as a refrigerated vehicle when temperature exceeds 4°C. One Action monitors thousands of devices automatically.
But here's what makes this truly powerful:
Dynamic Targeting Need different temperature thresholds for different regions due to climate variations? Create two Actions:
"Temperature Alert - Hot Climate Regions" triggers on refrigerated vehicles in the Southwest region when temperature exceeds 6°C
"Temperature Alert - Cold Climate Regions" triggers on refrigerated vehicles in the Northeast region when temperature exceeds 2°C
Two Actions, 5,000 trucks, each with the correct threshold based on their region tag. Add 500 trucks to the Southwest region? They automatically get the hot climate threshold.
Incremental Rollouts Testing a new alert mechanism? Add a tag beta_participant:true to 50 trucks, create an Action that triggers only on that tag, validate it works, then roll it out to all trucks by removing the tag filter.
Customer-Specific Logic Different customers may have different compliance requirements. You can create separate Actions that trigger only for specific customers:
"Compliance Alert - Pharmaceutical Customer" triggers on pharmaceutical company trucks when temperature exceeds 2°C and sends a certified email for FDA compliance
"Standard Alert - Other Customers" triggers on all other refrigerated trucks when temperature exceeds 4°C and sends a standard SMS notification
This way, each customer automatically gets the appropriate level of alerting based on their compliance needs, all managed through tags.
Why This Matters: The Economics of Scale
Let's talk numbers. Without tag-based architecture and blueprints:
Manual Approach Costs:
Dashboard creation: 5,000 trucks × 30 minutes = 2,500 hours
Permission management: 2,000 users × 15 minutes = 500 hours
Action configuration: 5,000 Actions × 10 minutes = 833 hours
Updates/maintenance: 20% recurring monthly overhead
Total first-year cost: ~$150,000 in labor (at $50/hour)
TagoIO Approach Costs:
Initial setup: 40 hours (blueprints, tag strategy, permissions)
Per-truck deployment: Automated via API
Ongoing maintenance: 5 hours/month (update blueprints, modify Actions)
Total first-year cost: ~$5,000 in labor
The 30x cost difference isn't even the main benefit. The real advantage is agility. When business requirements change (and they always do), you update one blueprint or one Action, not 5,000 configurations. You can iterate and improve rapidly because you're managing policies, not individual instances.
Scaling Beyond Devices
What if you're not just managing one fleet—you're building a fleet management platform as a service for multiple customers?
Tags and blueprints make this possible too:
Tag devices by customer:
customer:acme_logistics,customer:global_shipping, etc.Use TagoRUN to deploy white-labeled portals for each customer
Each customer sees only their devices (filtered by customer tag)
One blueprint dashboard serves all customers with customer-specific data
One codebase supports unlimited customers
This is how you go from building an IoT application to building an IoT platform business. The architecture scales both technically (handling more devices) and commercially (handling more customers).
Note: The tag-based architecture isn't just about scale—it's about maintainability. Six months after deployment, when you need to add a new feature or fix a bug, you'll be grateful you built it this way. Change once, deploy everywhere.
An entire system—handling thousands of devices, processing millions of data points, providing real-time visualization, and maintaining compliance—can be built without managing a single server, database, or infrastructure component. That's the power of a full-stack IoT platform.
Why This Architecture Matters
You might be wondering: couldn't I just build this myself with AWS, a database, and some custom code?
Technically, yes. Just like you could technically build your own VPN system or your own CRM. But here's what you'd actually need to build:
Multi-protocol device connectivity layer with authentication and security
Optimized time-series databases with automatic retention and partitioning
Serverless compute environment with event-driven triggering
Visual dashboard builder with dozens of widget types
Real-time data pipeline with sub-second latency
User authentication and granular permission system
White-label deployment infrastructure
Mobile applications for iOS and Android
Global infrastructure with edge caching and CDN
24/7 monitoring, security updates, and support
Conservative estimate: 2-3 years of development time, a team of 8-12 engineers, and millions in development cost. Then ongoing operational costs, security maintenance, and feature development.
Or you could use TagoIO and ship your application in weeks.
The architectural choices we've made—separating the data plane from the control plane, hybrid mutable/immutable storage, serverless Analysis with declarative Actions, visual dashboards with white-label deployment—aren't arbitrary. They're the result of years of experience building production IoT systems and understanding what developers actually need.
Getting Started: It's Easier Than You Think
The best part? You can start using everything we've discussed today, right now, for free.
Sign up at admin.tago.io
Create your first device
Send some data (we provide emulators for testing)
Build a dashboard to visualize it
Add an Analysis or Action to process it
The free plan includes most features we've discussed. As you scale, you pay only for what you use, and you can upgrade to TagoDeploy when you need your own dedicated infrastructure.
Whether you're building a proof-of-concept for a client, deploying an IoT product to customers, or managing thousands of devices in production, TagoIO's architecture is designed to grow with you—from prototype to planet-scale.
Check out our documentation or join the community forum where thousands of developers share solutions and best practices.
TagoIO Team
