Looking to integrate industrial data with modern web applications? Here's the gist: Kepware collects OPC UA data from industrial devices, while Ignition processes and shares it as REST APIs. Together, they bridge industrial systems with web tools like dashboards, mobile apps, and cloud analytics.
Key Takeaways:
system.net.httpPost) or tools like DreamFactory to expose data as REST APIs.
The guide also covers optimizing performance, troubleshooting connection issues, and ensuring security for production environments.
Let’s dive into the details to help you create reliable, secure, and scalable data pipelines.
To fully grasp the integration process, it's essential to understand how OPC UA, Kepware, and Ignition work together in an industrial setting. Here's an overview of each component and its role in streamlining communication and data management.
OPC UA, or Open Platform Communications Unified Architecture, is a protocol designed for secure, reliable communication between industrial devices. Whether you're dealing with PLCs, sensors, or HMIs, OPC UA enables seamless exchange of real-time data.
What sets OPC UA apart is its ability to transmit both data and metadata. For instance, it doesn't just provide a temperature reading - it also includes details about the sensor, its location, and the quality of the data. This added layer of information is invaluable for monitoring and diagnostics.
At its core, OPC UA operates on a client-server model. Servers make data available, while clients retrieve and use it. The protocol supports a wide range of data types, from basic numbers to complex structured data.
Security is a key feature of OPC UA. Through certificate-based authentication and encryption, it ensures that sensitive operational data remains protected, addressing one of the primary concerns in industrial environments.
While OPC UA sets the standard for communication, Kepware plays a critical role in gathering and formatting the data.
Kepware acts as a bridge between field devices and higher-level applications, functioning as an industrial connectivity platform. Its primary role is to convert various industrial protocols into a standardized OPC UA format.
Running as a Windows service, Kepware can connect to a wide range of devices simultaneously - everything from older serial-based equipment to modern Ethernet-capable devices. Its extensive driver library, which supports over 150 communication protocols, is one of its standout features.
When configured as an OPC UA server, Kepware makes the collected data accessible through standardized endpoints. It handles complex tasks like protocol conversion, connection management, and data buffering, so you don't have to deal with the intricate details of device communication.
Kepware also offers data transformation tools, allowing you to process raw device data before it's sent to clients. For example, you can scale, offset, or apply mathematical functions to the data, reducing the workload for downstream systems.
Ignition, developed by Inductive Automation, is a web-based SCADA platform that brings data acquisition, visualization, and reporting into one cohesive solution. It simplifies industrial data management by providing universal access and streamlined processing.
One of Ignition's standout features is its dual role as both an OPC UA client and server. This means it can pull data from sources like Kepware while also sharing data with other applications. This versatility makes it an excellent hub for integrating industrial systems.
The platform's Gateway serves as the central processing unit, managing database connections, tag organization, and web services. Ignition uses a tag-based system, assigning unique identifiers to each data point, which makes it easier to manage and retrieve data from multiple sources.
For web integration, Ignition offers WebDev modules, enabling the creation of custom web services and handling HTTP requests. Additionally, its support for JSON and XML formats allows industrial data to be shared in formats that are easy to use in web-based applications.
Getting your system ready with the right hardware, software, and configurations is a crucial step for connecting OPC UA data to REST APIs effectively.
Both Kepware and Ignition have specific system requirements, so it's important to ensure compatibility before proceeding.
For Kepware (KEPServerEX), you'll need a Windows-based system. Supported versions include:
Keep in mind that Windows Server 2025 hasn’t been officially validated for KEPServerEX as of January 16, 2025, though no compatibility issues have been flagged yet. Additionally, if you’re using Hardware Key licensing, be aware of potential errors when running on Windows 11 or Windows Server 2022.
For Ignition, the platform offers more flexibility. Its latest version (v8.3.0, released September 16, 2025) supports:
Ignition requires at least a dual-core processor and supports databases like Microsoft SQL Server, Oracle, MySQL, MariaDB, PostgreSQL, and any database with a JDBC driver. Choose a database that aligns with your infrastructure and performance needs.
Network setup is another key factor. Ensure your firewall allows communication on required ports, especially port 49320, which is Kepware's default OPC UA server port. Plan your network layout to reduce latency between Kepware, Ignition, and connected devices.
Once the system is ready, you can move on to installing and configuring Kepware.
Installing Kepware is a foundational step for enabling data communication. Follow the instructions in either the Kepware+ Installation Guide or the ThingWorx Kepware Server Install Guide. During installation, you’ll set up credentials, which are essential for configuration and testing. Local access to the Kepware Server is required for licensing and specific setup tasks.
To configure OPC UA settings, locate the KEPServerEX icon in your system tray or desktop, right-click, and select "OPC UA Configuration". You’ll need to log in using the credentials you created during installation.
In the OPC UA Configuration Manager, focus on these key areas:
opc.tcp://localhost:49320, while the network endpoint isopc.tcp://[YourIPAddress]:49320.
Test your setup by browsing the OPC UA server locally. Verify that the devices and data points appear in the proper hierarchy.
With Kepware configured, you’re ready to set up Ignition to connect securely.
Ignition simplifies configuration with its web-based interface, making it easier to connect to Kepware compared to traditional SCADA systems.
Start by downloading and installing Ignition for your operating system. The installation process sets up the Gateway, which acts as the central hub for data processing and communication.
Once installed, access the Gateway Configuration through your web browser at http://localhost:8088. Navigate to the OPC UA Connections section, and create a new connection pointing to your Kepware server. Use the endpoint URL, such as opc.tcp://[KepwareServerIP]:49320.
To ensure smooth authentication, match the certificates in Ignition with the security settings you configured in Kepware. This alignment is key for establishing a secure connection.
As your system grows, plan your tag organization carefully. Ignition uses a tag-based structure where each data point from Kepware is assigned a unique identifier. A well-thought-out naming convention will help maintain order as more devices are added.
If you intend to create custom web services for REST API functionality, enable the WebDev modules. These modules handle HTTP requests and support JSON and XML formats, which are essential for converting OPC UA data into REST endpoints.
Finally, test the connection by browsing the OPC UA server from within Ignition. The device hierarchy and data points should match what you configured in Kepware. Use the Gateway logs during testing to identify and resolve any issues before deploying the setup in a production environment.
Once both systems are set up, the next step is linking Kepware's OPC UA server with Ignition's OPC UA client. This connection acts as a bridge, enabling smooth data exchange between your industrial devices and modern applications.
To start, open Ignition's Gateway Configuration interface. Head to OPC Connections > OPC UA and click Create new OPC UA Connection. Assign a clear, descriptive name like "Kepware_Production_Line" to make it easy to identify, especially in larger setups.
In the Endpoint URL field, input the address of your Kepware server. If both systems are on the same machine, use opc.tcp://localhost:49320. For networked setups, replace "localhost" with the Kepware server's IP address, such as opc.tcp://192.168.1.100:49320.
For security, choose Basic256Sha256 or Aes256_Sha256_RsaPss as the Security Policy for production environments. While you can use the None option for testing, avoid it when working with production data.
Certificate management plays a crucial role in secure OPC UA communication. When you first connect, Kepware and Ignition will exchange certificates, which may initially land in their respective Rejected folders. You'll need to manually move these certificates to the Trusted folders. In Kepware's OPC UA Configuration Manager, go to Trusted Clients and add Ignition's certificate. Similarly, in Ignition's Gateway, navigate to OPC UA > Security and trust Kepware's certificate.
If credentials are required, ensure they are entered correctly. For anonymous connections, leave these fields empty, but only use this approach in secure, isolated networks.
Once everything is configured, click Save and test the connection. A successful connection will show a green indicator and a status of Connected. If the connection fails, check the logs under Status > Logs for error details. For troubleshooting, refer to the next section.
Connection issues between Kepware and Ignition often boil down to a few common problems:
For deeper insights, enable verbose logging on both systems. Once issues are resolved, follow the security measures outlined below to maintain a secure connection.
After establishing a stable connection, securing it should be a top priority. Proper certificate handling, as described earlier, is a key step.
Consider isolating your Kepware and Ignition systems in a dedicated VLAN or DMZ to enhance security. This aligns with the Purdue Model (ANSI/ISA 95) guidelines.
OPC UA provides built-in security features like encryption, digital signatures, and user authentication to ensure data integrity and confidentiality. Always enforce the Principle of Least Privilege by granting only the minimum access necessary. Instead of using administrative accounts, create dedicated service accounts for Ignition's OPC UA connections. If possible, implement role-based access control to assign specific permissions to each client.
Encryption is essential for production environments. Configure the Ignition Gateway to use HTTPS for its web interface and ensure all OPC UA connections use encrypted security policies. Avoid using SecurityPolicy.None in systems handling sensitive data.
Enable detailed logging to monitor connection attempts, authentication events, and data access patterns. Regularly review these logs for unusual activity or repeated authentication failures.
Adopt a multi-layered defense strategy by combining network firewalls, secure application configurations, timely software updates, and staff training. Establish clear incident response protocols and periodically test your backup and recovery processes.
Schedule regular security reviews to identify vulnerabilities. Check certificate validity, user permissions, and network access controls. Keep Kepware and Ignition updated with the latest patches, and stay informed about potential threats by following vendor security bulletins.
With a secure connection in place, you can now leverage OPC UA data to create REST APIs that integrate effortlessly with modern web applications and cloud services.
Once you've established the Kepware-Ignition connection, the next step is transforming OPC UA data into REST API endpoints. This process connects traditional OPC UA systems with modern web technologies, making it easier to integrate with cloud platforms, mobile apps, and analytics tools. Here's how to map the data and automate API generation for this purpose.
The success of converting OPC UA data into REST APIs hinges on effective data mapping. After connecting to Ignition, you'll have access to OPC UA tags. These tags represent real-time data from industrial devices, like temperature readings, pressure levels, motor speeds, or production counts.
Start by identifying the OPC UA tags that hold the most value - these are typically the ones that change frequently or represent critical process variables. For instance, in a manufacturing setup, tags like Line1.Temperature, Line1.Pressure, and Line1.ProductionCount might be essential for monitoring.
Plan your API structure around how the data will be consumed. Organize endpoints logically, such as by equipment or data type (e.g., /api/equipment/line1/temperature). A clear structure makes the APIs more user-friendly for developers.
Also, consider grouping related tags into single API calls. For example, instead of making multiple requests for temperature and pressure data, a single call could return both values. This reduces network traffic and improves efficiency.
Once your mapping is complete, you can use tools like DreamFactory to automate the creation of REST APIs.
DreamFactory simplifies the process of creating REST APIs from OPC UA data by eliminating the need for manual coding. It automatically generates secure, well-documented RESTful endpoints from your data sources.
After connecting DreamFactory to your Ignition system, it can expose OPC UA data as REST APIs with full CRUD (Create, Read, Update, Delete) capabilities. This means you can interact with your data programmatically without building APIs from scratch.
Security is a key feature of DreamFactory. It uses role-based access controls, API key management, and OAuth integration to ensure only authorized users can access specific data points. Additionally, it enforces data integrity by securing connections and managing permissions.
Another advantage is the automatic generation of Swagger API documentation. This documentation includes parameter descriptions, response formats, and example requests, and it updates automatically whenever you modify your API structure.
Here’s a practical example of how to expose Kepware OPC UA data as REST APIs using Ignition’s scripting tools. In this case, we'll send temperature data from a manufacturing line to an external system.
system.net.httpPost to send data. Attach this function as a tag change script for real-time updates. The function should include parameters such as the OPC UA tag value, equipment identifier, and timestamp. Additionally, configure the target REST API system with an API token for secure data transfer.
machineId, attributeId, and value, extract the machine ID from the tag path, assign a predefined attribute ID for temperature, and pass the current tag value.
The system.net.httpPost method is crucial for REST API interactions within Ignition. Make sure your HTTP requests are properly formatted, with the correct headers, authentication tokens, and JSON payloads to match your target API's requirements.
After setting up RESTful API generation, the next step is to focus on creating an integration that can handle industrial-scale data while maintaining strong security. Manufacturing environments produce massive amounts of data, and ensuring this data is processed efficiently and securely is critical. Here's a breakdown of how to implement security measures, optimize performance, and maintain a reliable system.
Industrial systems are often exposed to unique cybersecurity risks, especially when connected to critical infrastructure. To mitigate these risks, consider the following:
Once security is in place, the focus shifts to performance. Industrial IoT systems often need to handle thousands of data points every minute, so efficiency is key.
To keep your integration running smoothly, continuous monitoring and proactive maintenance are essential.
Bringing OPC UA and REST APIs together using tools like Kepware and Ignition is reshaping how industrial data is managed and shared. This guide has outlined the key steps - from setting up your environment and securing connections to transforming OPC UA data into REST endpoints and creating scalable integrations. These practices lay the groundwork for a reliable and flexible industrial data framework.
By pairing Kepware’s OPC UA server capabilities with Ignition’s SCADA tools, and leveraging DreamFactory for automated API creation, the process of integrating industrial data becomes far more efficient, cutting down on manual coding and simplifying workflows.
However, success hinges on a few critical factors: implementing secure network segmentation, encrypted communications, and well-designed role-based access controls to safeguard your systems. To handle the high volume of manufacturing data, performance tweaks like caching, batching, and connection pooling are essential for smooth operations.
Ongoing monitoring and maintenance play a vital role in avoiding disruptions. Regular security checks, performance evaluations, and automated data archiving can help maintain system stability. For better oversight, integrating the ELK stack with DreamFactory offers robust logging and alerting features, ensuring you can address potential issues before they escalate.
With these steps outlined, this integration strategy supports both scalability and security, making it adaptable to the ever-changing demands of industrial automation. Whether you're working with a single production line or an entire facility, the combination of OPC UA and REST APIs bridges the gap between traditional manufacturing systems and modern industrial IoT solutions.
Integrating Kepware with Ignition simplifies the task of transforming OPC UA data into REST APIs by combining their respective capabilities. Kepware specializes in gathering and converting OPC UA data from a range of industrial devices, making it suitable for use in web-based applications. Ignition, with its built-in OPC UA server and client tools, takes this data and makes it accessible as RESTful APIs.
This collaboration enables smooth communication between industrial systems and web or IoT platforms, improving scalability, interoperability, and efficiency. Together, they offer a reliable solution tailored for today's industrial automation and IoT demands.
To keep the connection between Kepware and Ignition secure in a production setting, it's important to rely on strong encryption protocols such as SignAndEncrypt or Basic256. These protocols help safeguard both the confidentiality and integrity of the data being transferred. Using trusted certificates signed by a reputable Certificate Authority (CA) is another key step. This ensures proper authentication and blocks unauthorized access.
On top of that, make it a habit to update software, apply security patches, and upgrade firmware regularly. Staying current with updates helps close security gaps and strengthens system defenses. Together, these measures create a more secure communication channel for industrial automation systems, reducing the chances of breaches or data loss.
DreamFactory simplifies the process of creating REST APIs from OPC UA data by automatically transforming data structures into RESTful endpoints. This automation removes the need for manual coding, helping you save time and minimize errors.
With DreamFactory, industrial IoT systems gain advantages like quicker deployment, stronger data protection, and instant data access. These capabilities are crucial for maintaining smooth and reliable communication in complex industrial automation settings.