LoRaWAN DevEUI, AppEUI and AppKey
The DevEUI is a global end device ID in IEEE EUI64 address space that uniquely identifies the end device.
The user can derive their own DevEUI
The AppKey is an AES128 root key specific to the end device. Whenever an end device joins a network via over the air activation(OAT), the AppKey is used to derive the session keys NwkSKey and AppSKey specific for that end device to encrypt and verify network communication and application data.
The AppKey should be unique for each device.The user can derive their own AppKey
The AppEUI is a global application ID in IEEE EUI64 address space that uniquely identifies the entity able to process the JoinReq frame. The AppEUI is stored in the end-device before the activation procedure is executed
The AppEUI can be different for each device or it can also be same for all device. It also depends on what kind of application server you are using.
For example in loraserver.io you can have unique AppKey,AppEUI and DevEUI but in TheThingsNetwork you can register many devices for one application or AppEUI. But note that AppKey and DevEUI should always be unique for each end node.
The DevEUI is an ID in the IEEE EUI64 address space used to identify a device. It is supplied by the device manufacturer. A deprecated algorithm exists to convert 48bit MAC addresses to EUI64. For MAC addresses with 6 bytes (e.g. 01 02 03 04 05 06) put ff fe or ff fe in the middle (e.g. 01 02 03 ff fe 04 05 06). This algorithm has been deprecated as it may lead to collisions with other DevEUIs. During over the air activation a DevAddr is assigned to the device. This DevAddr is used in the LoRaWAN protocol afterwards. The DevEUI is sent unencrypted.
The JoinEUI (formerly called AppEUI) is a global application ID in the IEEE EUI64 address space identifying the join server during the over the air activation. For non-private networks it corresponds to a subdomain of joineuis.lora-alliance.org. This server name is used to find the IP address of the join server via DNS. This is described in LoRaWAN™ Back-End Interfaces v1.0.
AppKey is the encryption key used for messages during every over the air activation. After the activation the AppSKey is used. A listener knowing the AppKey can derive the AppSKey. So you want to keep the AppKey secret. Which side of the communication channel creates it is not important. You simply want to be sure that it is random.