...
Association only: The least secure method, it delegates device authentication to the gateway. When the device attaches to the gateway, ClearBlade IoT Core checks whether or not the device is associated with, or bound to, the gateway. If the device is bound, it's authorized to communicate with ClearBlade IoT Core through the gateway. This method is useful when the device can't store and send its JWT or uses a different authentication method other than JWT.
Device credential only: The gateway sends the device's JWT or generates and sends a JWT on the device's behalf. Because this method associates a JWT with the device, the device isn't required to be bound to the gateway. Use this method when you want devices to switch to a different gateway based on proximity or other factors or when the devices can generate their JWTs but can’t connect to the internet.
Association and device credential: The most secure method. When a bound device attaches to the gateway, ClearBlade IoT Core authenticates it by checking the gateway's JWT, the device's JWT, and whether or not the device is associated with, or bound to, the gateway.
See Using Gateways gateways with the MQTT Bridgebridge for more details.
Authenticating over the HTTP bridge
You must bind the device to the gateway and then supply the device or gateway JWT in every HTTP request. ClearBlade IoT Core checks the bound device's association with the gateway and the supplied JWT to authenticate the device. This provides a similar level of security as when you use the MQTT bridge to send the association and the device's JWT for authentication.
See Using Gateways gateways with the HTTP Bridgebridge for more details.