HTTP-Based Authorization

HTTP-Based Authorization is an alternative method for managing client access in EMQX Edge. When an MQTT client sends a CONNECT packet, EMQX Edge can only be configured to issue an HTTP POST request to a specified server for authentication. The response from this external HTTP service determines whether the client is authorized to connect.

This approach allows you to integrate EMQX Edge with custom or centralized authentication systems.

Configuration Example

To enable http_auth using HOCON format, include the following block within the auth {} section of your configuration file. Changes take effect after restarting EMQX Edge.

For a complete list of configuration options, see Access Control Configuration.

auth {
  ...
  http_auth = {
    auth_req {
      url = "http://127.0.0.1:80/mqtt/auth"
      method = "POST"
      headers.content-type = "application/x-www-form-urlencoded"
      params = {clientid = "%c", username = "%u", password = "%P"}
    }

    super_req {
      url = "http://127.0.0.1:80/mqtt/superuser"
      method = "POST"
      headers.content-type = "application/x-www-form-urlencoded"
      params = {clientid = "%c", username = "%u", password = "%P"}
    }

    acl_req {
      url = "http://127.0.0.1:8991/mqtt/acl"
      method = "POST"
      headers.content-type = "application/x-www-form-urlencoded"
      params = {clientid = "%c", username = "%u", access = "%A", ipaddr = "%a", topic = "%t", mountpoint = "%m"}
    }

    timeout = 5s
    connect_timeout = 5s
    pool_size = 32
  }
  ...
}
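
The following is an added example, not part of the original page or EMQX Edge's own code: a minimal HTTP service that answers the three requests configured above (`auth_req`, `super_req`, `acl_req`) from their form-encoded parameters. It assumes all three `url` values point at 127.0.0.1:8991, that a 200 response allows and a 4xx response denies, and that `%A` is sent as 1 for subscribe and 2 for publish; the users, password and topic prefixes are constructed sample data.

```python
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data; a real service would query its identity store.
USERS = {"sensor01": (b"demo-salt", _hash("s3cret", b"demo-salt"))}
SUPERUSERS = {"admin"}
# username -> access code -> allowed topic prefixes (assumed: "1" subscribe, "2" publish)
ACL = {"sensor01": {"1": ["cmd/sensor01/"], "2": ["sensors/sensor01/"]}}

def decide(path, body):
    """Map one broker request to a status code: 200 allows, 4xx denies (assumed)."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    user = form.get("username", "")
    if path == "/mqtt/auth":
        # Hash even for unknown users so both failure paths do the same work.
        salt, stored = USERS.get(user, (b"", b""))
        candidate = _hash(form.get("password", ""), salt)
        return 200 if hmac.compare_digest(candidate, stored) else 401
    if path == "/mqtt/superuser":
        return 200 if user in SUPERUSERS else 403
    if path == "/mqtt/acl":
        prefixes = ACL.get(user, {}).get(form.get("access", ""), [])
        topic = form.get("topic", "")
        return 200 if any(topic.startswith(p) for p in prefixes) else 403
    return 404  # unknown endpoint: deny by default

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        # Cap the body size; the broker only sends a short form-encoded string.
        length = min(max(int(self.headers.get("Content-Length", 0)), 0), 4096)
        body = self.rfile.read(length).decode("utf-8", "replace")
        self.send_response(decide(self.path, body))
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8991), Handler).serve_forever()
```

Because the `%P` parameter carries the client's password in the request body, the service stores only salted hashes and never logs the body.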

Start EMQX Edge with the Configuration

To start EMQX Edge with your custom configuration file, run:

nanomq start --conf path/to/nanomq.conf

Replace path/to/nanomq.conf with the actual path to your configuration file.