Core concepts

Toit offers you a new virtual machine for embedded devices, a new programming language, and management tools to make programming and managing IoT devices easy and secure.

With the Toit platform, you have access to:

  • the Toit virtual machine installed on your devices to allow for easy app development and deployment.

  • the Toit programming language, designed specifically for the IoT domain.

  • the Toit cloud, where data from the devices is collected and communication with individual devices is managed, all using secure-by-default channels.

  • the Toit APIs, which is your gateway to your devices and your data, by easily letting you start pulling your device data into your own cloud solution and/or IoT application.

The Toit virtual machine

The Toit virtual machine runs programs written in the Toit language. It has been designed to address common pain points in embedded systems. Common real-time operating systems for constrained devices do not shield individual applications from each other. Instead, they require all applications and the base operating system to be compiled, linked and deployed together, which makes updating them error-prone.

The Toit virtual machine augments the real-time operating system and isolates applications from the underlying hardware enabling a robust, resilient, and flexible platform for running software. With the Toit virtual machine, Toit applications are developed, deployed, and updated separately; apps run side-by-side on the devices in a sandboxed environment.

Block diagram of the Toit environment
Block diagram of the Toit environment

The Toit language

The Toit programming language is designed specifically for IoT development, with a fraction of the footprint of other languages. It allows applications to be compiled to compact binaries that execute fast (it is already around 20 times faster than JS and Python on ESP32).

In addition, this high-level language includes ready-made, reliable libraries. These, combined with a recognizable programming style, make it an extremely easy language to get started with.

Finally, with the Toit language, the entire software stack is power consumption aware, which improves the lifespan of a battery-powered device.

The Toit cloud

All communications between your devices and the Toit cloud platform are network-agnostic (WiFi and/or Cellular) and encrypted. Devices are orchestrated, monitored, and updated via the Toit cloud.

The cloud is accessible using the Toit console, a web interface with intuitive design for managing devices, writing example code, viewing deployed apps and checking the logs. It is also possible to access most of the console's features using the Toit Command Line Interface (CLI).


The data collected from devices is freely available via our external APIs, letting you manage your own data, and store the data in your own cloud solutions, if you like. The data must flow from devices through the Toit cloud, and then into the users' own solutions to be used as desired, for example in tailored IoT applications or communicating with other devices.

Data flow

Apps and firmware updates are pushed from the Toit console to the devices:

  • Toit apps are built and compiled before being deployed to devices via the Toit console.
  • Firmware updates are pushed to devices when new Toit firmware versions are available and the user triggers the update from either the Toit console or the Toit CLI.

Data, logs, and metrics flow from devices to the Toit console:

  • Devices collect data, logs, and metrics at specified intervals or triggers. Each Toit app has a specification file which defines these settings. These are saved on the device and sent to the Toit console each time the device comes online and connects to the console.
  • The Toit console keeps track of online/offline devices and of the device health.

Toit security model

The Toit platform follows best practices regarding security. For example, the ESP32 MPU provides integrity features such as secure boot with crypto key and chain of trust.

Updates of the software are also cryptographically signed: any new Toit code, in the form of an app or system update, needs to be signed. The devices reject code where the authenticity could not be verified. In addition to apps, the Toit SDK, libraries and subsystems used by Toit (such as SSL code for secure communications) are easily updatable in the field when vulnerabilities are found.

The Toit language increases the robustness of the platform. Most common mistakes usually found in low level languages such as C cannot occur with Toit due to the design of the language. Others are caught by the system and turned into harmless errors, which can be reported back to the developer, thus protecting the device from potential attacks or hijacking.

Finally, communications are secured with TLS. This protocol ensures data privacy and prevent eavesdropping and tampering.