Authenticating devices with MQTT
Overview
A Device must register over HTTPS via Register Device API before it can open an MQTT connection.
A successful registration returns the credentials the Device will use for MQTT:
id— unique Device ID.access_key— authentication credential.mqtt_hub_url— the MQTT broker assigned to this Device.
The Device must persist these and reuse them on every reconnect.
Connecting
When opening the MQTT connection, set the following fields on the client:
username— theidfrom the registration response.password— theaccess_keyfrom the registration response.clientId— theidfrom the registration response.
Credential revocation
Registration credentials stay valid until the Device is deleted. When a Device is deleted, its MQTT credentials are revoked immediately:
- Any open MQTT session is disconnected.
- New connection attempts using the deleted Device's
idandaccess_keyare refused by the broker.
This mirrors the HTTPS behaviour, where requests from a deleted Device return 401 Unauthorized. To connect again, the Device must be registered anew via the Register Device API to obtain fresh credentials.
