Skip to content

Enhanced Security with MQTT Client Credentials Feature on HiveMQ Cloud

by Shashank Sharma
7 min read

Security is often essential to the success of IoT projects. Protecting your MQTT broker from unauthorized access and potential security breaches is crucial. One way to fortify the security level of your MQTT client connections is to control access by defining permissions to your MQTT broker. 

HiveMQ Cloud now features MQTT credentials with permissions for its Free and PAYG tiers. This new feature provides an added layer of security for MQTT clients. In this blog post, we’ll discuss MQTT credentials, why you need them, and how to use them with HiveMQ Cloud.

What are MQTT Credentials?

MQTT credentials are authorization values (username and password) used to identify and authorize MQTT clients. They are sent to the MQTT broker during the connection process and are used to determine the client’s access rights.

Why Do You Need MQTT Credentials?

MQTT credentials are essential for securing MQTT client connections. Without them, anyone could connect to your MQTT broker and publish or subscribe to any topic they wanted. With credentials, you can control which clients can access your broker and what they can do once they are connected.

Feature Details

In the initial release for Free and PAYG version, HiveMQ Cloud created three predefined roles for MQTT credentials:

  • Publish only: The client can only publish messages.

  • Subscribe only: The client can only subscribe to topics.

  • Publish and Subscribe: The client can publish messages and subscribe to topics.

Access these MQTT credentials in the “Access Management” tab of your HiveMQ Cloud UI.

MQTT credentials can be set up under the access management tabMQTT credentials can be set up under the access management tab.

Usage Details

To set up credentials for your IoT devices, simply define a username and password and assign specific permissions to those credentials. By default, all available credentials are assigned the publish and subscribe role. The assigned role is displayed in the HiveMQ Cloud portal UI next to the username/password.

If you want to change the role assigned to a credential pair, you can do so during creation. To update the role assigned to a credential, delete the existing credential pair and create a new one. To apply the new role to your clients, reconnect them after creating credentials with an updated role.

Use Case Example of Using MQTT Credentials  

Giving your clients specific permissions gives you command over your data flow. Let us discuss a simple use case where client permissions are helpful. 

In our example, a temperature sensor collects outside temperature measurements every minute and publishes it to the broker. This sensor has publish-only permission to the cloud broker. 

Another device, a workstation, aggregates this data and publishes an hourly average temperature along with the date and hour of the recorded data. This workstation has both publish and subscribe permissions. 

A third device, a dedicated dashboard, subscribes only to the hourly average temperature and plots it as a graph. The dashboard has subscribe-only permission, as it needs only to read the data. 

All three devices have different permissions, which helps ensure control over the flow of information. In the real world, different client permissions help prevent unwanted access to your IoT project by outside third parties. 

Graphical representation of the use-caseGraphical representation of the use-case

Get Started with HiveMQ Cloud MQTT Credentials  

In conclusion, MQTT Credentials are an essential feature of HiveMQ Cloud that allows you to control access to your MQTT broker, increasing security. By assigning roles to credentials, you can control what clients can and cannot do once they are connected. With HiveMQ Cloud’s easy-to-use portal UI, managing MQTT Credentials in the Free and PAYG tier has never been easier.

Now that you know about the Client Credentials, are you ready to enhance your IoT Project security?

Unlock the full potential of MQTT with HiveMQ Cloud Starter, a complete MQTT platform ideal for testing and small-scale production! Begin your free trial now and enjoy unlimited connections, 99.95% uptime SLA, 24/7 support, data streaming integrations, and more.

Sign-up Now

Shashank Sharma

Shashank Sharma is a product marketing manager at HiveMQ. He is passionate about technology, supporting customers, and enabling developer-centric workflows. He focuses on the HiveMQ Cloud offerings and has previous experience in application software tooling, autonomous driving, and numerical computing.

  • Contact Shashank Sharma via e-mail

Related content:

HiveMQ logo
Review HiveMQ on G2