# HTTP-Based Authorization

HTTP-Based Authorization is an alternative method for managing client access in EMQX Edge. When an MQTT client sends a `CONNECT` packet, EMQX Edge can only be configured to issue an HTTP `POST` request to a specified server for authentication. The response from this external HTTP service determines whether the client is authorized to connect.

This approach allows you to integrate EMQX Edge with custom or centralized authentication systems.

## Configuration Example

To enable `http_auth` using HOCON format, include the following block within the `auth {}` section of your configuration file. Changes take effect after restarting EMQX Edge.

For a complete list of configuration options, see [Access Control Configuration](../config-description/acl.md).

```bash
auth {
  ...
  http_auth = {
    auth_req {
      url = "http://127.0.0.1:80/mqtt/auth"
      method = "POST"
      headers.content-type = "application/x-www-form-urlencoded"
      params = {clientid = "%c", username = "%u", password = "%P"}
    }

    super_req {
      url = "http://127.0.0.1:80/mqtt/superuser"
      method = "POST"
      headers.content-type = "application/x-www-form-urlencoded"
      params = {clientid = "%c", username = "%u", password = "%P", access = "%A", topic = "%t"}
    }

    acl_req {
      url = "http://127.0.0.1:8991/mqtt/acl"
      method = "POST"
      headers.content-type = "application/x-www-form-urlencoded"
      params = {clientid = "%c", username = "%u", access = "%A", ipaddr = "%a", topic = "%t", mountpoint = "%m"}
    }

    timeout = 5s
    connect_timeout = 5s
    pool_size = 32
    cache_ttl = 30s
  }
  ...
}
```

## Start EMQX Edge with the Configuration

To start EMQX Edge with your custom configuration file, run:

```bash
emqx-edge start --conf /path/to/nanomq.conf
```

> Replace `path/to/nanomq.conf` with the actual path to your configuration file.