Skip to content

Step Up Your MQTT Security with JWT Authentication on HiveMQ Cloud Starter

by Shashank Sharma
7 min read

We are excited to announce yet another security enhancement to HiveMQ Cloud StarterJWT Authentication. In our ongoing mission to deliver a secure, efficient, and reliable IoT messaging experience, this new feature is set to bring advanced security measures to your MQTT projects. With this, Cloud Starter users have 3 different ways to authenticate their clients: via role-based authentication, Client-certificate authentication and JWT authentication. In this blog post, we will walk you through achieving MQTT security using JWT authentication.

What is JWT Authentication?

JWT (JSON Web Token) Authentication is a security protocol that allows devices and users to verify their identity using a compact, self-contained token. The token carries all the necessary information to confirm identity, thus eliminating the need to repeatedly query a database. This makes it a fast and secure authentication method, especially well-suited for IoT applications.

HiveMQ Cloud Starter offers JWT authentication with token verification as the key feature. Once a JWT is presented, our MQTT platform automatically verifies it using the fetched public keys, ensuring that only authenticated devices and users are able to access your MQTT resources. The token verification is supported via:

  • JWKS Endpoint: HiveMQ Cloud Starter provides a JWKS (JSON Web Key Set) endpoint that contains the public keys of your JWT provider. HiveMQ Cloud fetches these keys and uses them to verify the signatures of the received JWTs.

  • Claims Checklist: You can define a list of key-value pairs, known as “claims,” such as issuer or device type. Whenever a device tries to access your MQTT resources using a JWT, our platform will cross-reference these claims to ensure a match. If the details don’t align, access is denied.

What Are the Benefits to Our Users?

JWT Authentication offers the following benefits to HiveMQ Cloud Starter users.

  • Enhanced Security: JWT Authentication significantly elevates the security level of your MQTT platform, ensuring that only authorized entities can access your data and services. This is in addition to the already existing role-based access credentials and Client certificate authentication.

  • Streamlined Operations: By using a JWT, you minimize the number of times you have to interact with your identity provider, thereby reducing latency and improving performance.

  • Customized Access Control: The claims checklist allows you to fine-tune your security settings, granting access only to devices that meet your specific criteria.

  • Automated Authentication: The feature handles the entire verification process automatically, freeing you to focus on other critical aspects of your IoT implementation.

  • Easy to Implement: JWT is a widely adopted standard, making it easier to integrate this authentication method into your existing infrastructure, and allowing for scalability as your needs grow.

How Do I Use This Feature?

The JWT Authentication can be found under the Access Management in your cluster settings.

JWT Authentication TabTo create your own JWT token, please refer to our blog, Integrating HiveMQ with Okta, which walks you, step by step, through setting up your JWT tokens.

Once you have set up your token, you can add your JWKS endpoint as shown in the image below. You can also add claims as key-value pairs.

Once you add the certificate, your cluster will restart with the new authentication settings.

JWT Authentication inside of HiveMQ CloudTo connect your clients using JWT tokens, you can follow steps similar to ones we discussed in the post, Enhance Your IoT Security with Client Certificate Authentication on HiveMQ Cloud Starter.


JWT Authentication offers a third way to authenticate your clients when using HiveMQ Cloud Starter. JWT tokens are commonly used in many industries for client authentication, and now Starter plans make it easier for you to leverage such industry best practices for your IoT deployments. JWT Authentication in HiveMQ Cloud Starter plan, together with username-password authentication and Client certificate authentication, provides multiple ways to manage your IoT project security.

Sign up now for HiveMQ Cloud Starter and grab $100 worth of free credits upon creation of the first Starter cluster.

Sign up for HiveMQ Cloud Starter

Shashank Sharma

Shashank Sharma is a product marketing manager at HiveMQ. He is passionate about technology, supporting customers, and enabling developer-centric workflows. He focuses on the HiveMQ Cloud offerings and has previous experience in application software tooling, autonomous driving, and numerical computing.

  • Contact Shashank Sharma via e-mail

Related content:

HiveMQ logo
Review HiveMQ on G2