Ioto is an embedded agent for remotely or locally managing devices. It is tiny, but blazing fast and has an extensive suite of management protocols and integrations.

Ioto is optimized for management and communications via an event-driven, fiber coroutine core to deliver rapid response, and effective memory and CPU utilization. It has a natural, elegant procedural programming paradigm without callbacks or complex thread synchronization. It is compact with only 120KB of code.

As part of the Embedded family of widely deployed device agents, Ioto is suitable for use in networking equipment, industrial automation, process control, mining equipment, agribusiness, consumer devices, office equipment, healthcare. Basically anywhere you need remote managment of devices.

Ioto suports: HTTP/1, MQTT, SSL/TLS, secure bcrypt authentication, sandbox resource limits, logging, JSON parsing and query, fine-grained configuration and compilation controls.

Ioto Benefits and Features:

Local Device Management


When used for local access to embedded devices, device agents must assume they are secondary to the essential functions that the device or application must perform. As such, the agent must minimize its resource demands and should be deterministic in the load it places on a system.

Ioto excels in this regard and is:

Ioto Internals

The core of Ioto is an event-driven, single-threaded, fiber coroutine pipeline above which user device extensions execute to provide device specific handling.


Ioto has the following features:

Request Pipeline

Ioto has an efficient, zero-copy request pipeline to process requests and generate responses. This consists of a mechanism of queues, packets, buffering and event scheduling. The pipeline architecture is highly optimized and uses sendfile, async I/O and vectored, scatter/gather writes to the network to avoid the costly aggregation of data and headers in a single buffer before writing to the network.



Some web servers have become more secure by a painful process of discovery. While it is no guarantee, we believe that developing a web server to be secure by design is easier than trying to engineer-in security after the fact. For embedded web servers, the task is even more difficult, as it must be done without increasing memory footprint or degrading performance.

Ioto is designed to be secure from the foundation up, by using a secure Portable Runtime (MPR). The MPR is a cross-platform layer that permits over 97% of the Ioto code to be portable. It includes many mechanisms to assist in the creation of secure application. One such facility is a safe string and buffer handling module to help eliminate buffer overflows that have plagued many products.


Ioto closely controls its use of system resources via a technique known as "sandboxing". This means running the agent within tightly controlled limits so that request errors will not compromise system operation. Ioto has also been hardened against several common denial of service attacks.

Ioto can be configured to:

To build on this foundation, Ioto also provides a Secure Sockets Layer and Bcrypt authentication.


Ioto is licensed via a royalty free, commercially license with options for commercial maintenance and support.

Learn More?

To learn more about Ioto, please read:

© Embedthis Software® LLC. All rights reserved. Privacy Policy and Terms of Use.


This web site uses cookies to provide you with a better viewing experience. Without cookies, you will not be able to view videos, contact chat or use other site features. By continuing, you are giving your consent to cookies being used.