Authenticating with MQTT

Authenticating devices with MQTT

Overview

A Device must register over HTTPS via Register Device API before it can open an MQTT connection.

A successful registration returns the credentials the Device will use for MQTT:

  • id — unique Device ID.
  • access_key — authentication credential.
  • mqtt_hub_url — the MQTT broker assigned to this Device.

The Device must persist these and reuse them on every reconnect.


Connecting

When opening the MQTT connection, set the following fields on the client:

  • username — the id from the registration response.
  • password — the access_key from the registration response.
  • clientId — the id from the registration response.

Credential revocation

Registration credentials stay valid until the Device is deleted. When a Device is deleted, its MQTT credentials are revoked immediately:

  • Any open MQTT session is disconnected.
  • New connection attempts using the deleted Device's id and access_key are refused by the broker.

This mirrors the HTTPS behaviour, where requests from a deleted Device return 401 Unauthorized. To connect again, the Device must be registered anew via the Register Device API to obtain fresh credentials.