Channels

Channels receive data from clients using various protocols and also implement an authentication layer. The currently supported protocols are:

  • MQTT (MQTT Broker);

  • HTTP (HTTP Server).

MQTT Channels

The MQTT Channels provide access to the built-in MQTT Broker. The channel used to authenticate the client is determined when the MQTT client attempts to establish a connection to the broker. The channel resolution logic is as follows:

  1. Channels bound to the Client Identifier (ClientID);

  2. Channels bound to the Username;

  3. Anonymous channel (if enabled).

The first matching channel found is used for client authentication.

Authentication

The currently supported authentication methods are:

  • Basic Authentication;

  • JWT Authentication.

Anonymous access can also be allowed.

Basic Authentication

Basic authentication uses a username/password pair, which is transmitted in the MQTT CONNECT control message.

JWT Authentication

JWT Authentication is based on JSON Web Tokens. Currently, only tokens signed with ECDSA (ES256) are supported.

The MQTT Channel stores the public key and validates the JWT when a client connects to the channel. The client signs the JWT using its private key and sends it in the Password field of the MQTT CONNECT control message. The Username field is mandatory when using MQTT v3.1.1.

HTTP Channels

The HTTP Channels provide an API for uploading messages to Internal Queues over HTTP/1.1, from where they can be retrieved by the Internal Queue Connector. Both HTTP and HTTPS are supported.

An HTTP Channel provides access only to the Internal Queues to which it is explicitly bound.

Authentication

The currently supported authentication methods are:

  • Basic Authentication;

  • JWT Authentication.

Anonymous access can also be allowed.

Basic Authentication

Basic Authentication follows the standard defined in the HTTP Basic Authentication Scheme.

The client must include an Authorization header containing the username and password, separated by a single colon and encoded in base64:

Authorization: Basic <base64(username:password)>

JWT Authentication

JWT Authentication is based on JSON Web Tokens. Currently, only tokens signed with ECDSA (ES256) are supported.

The HTTP Channel stores the public key and validates the JWT when it receives an HTTP request from a client. The client signs the JWT using its private key and includes it in the Authorization HTTP header:

Authorization: Bearer <token>
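
The JWT flow described above for both MQTT and HTTP channels (client signs with its private key, channel validates with the stored public key), as an added example that is not the product's own code. The function names `signJwt`, `verifyJwt` and `bearerToken` are hypothetical, the `exp` claim check is an assumption about the token contents, and the key pair is generated for the demo.

```javascript
// Added example: issue and validate an ES256 JWT with Node's built-in crypto module.
const crypto = require('crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const fromB64u = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Client side: sign "header.payload" with the private key (ES256 = ECDSA P-256 + SHA-256).
function signJwt(claims, privateKey, header = { alg: 'ES256', typ: 'JWT' }) {
  const input = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(claims));
  // JWS carries the raw 64-byte r||s signature, not the DER encoding.
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + b64u(sig);
}

// Channel side: validate a token against the stored public key.
// Returns { ok: true, claims } or { ok: false, reason }.
function verifyJwt(token, publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(fromB64u(parts[0]).toString('utf8'));
    claims = JSON.parse(fromB64u(parts[1]).toString('utf8'));
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm: the token header must never choose it ("none", HS256, ...).
  if (!header || header.alg !== 'ES256') return { ok: false, reason: 'unsupported alg' };
  const sig = fromB64u(parts[2]);
  if (sig.length !== 64) return { ok: false, reason: 'bad signature' };
  const valid = crypto.verify('sha256', Buffer.from(parts[0] + '.' + parts[1]),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, sig);
  if (!valid) return { ok: false, reason: 'bad signature' };
  // Assumption: tokens carry a standard "exp" claim (seconds since epoch).
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// HTTP channel: extract the token from "Authorization: Bearer <token>".
function bearerToken(headerValue) {
  const m = /^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/.exec(headerValue || '');
  return m ? m[1] : null;
}

// Demo with a constructed key pair and constructed claims.
const demoKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const demoToken = signJwt({ sub: 'sensor-01', exp: Math.floor(Date.now() / 1000) + 300 }, demoKeys.privateKey);
console.log(verifyJwt(bearerToken('Bearer ' + demoToken), demoKeys.publicKey));
```

For an MQTT channel the same `verifyJwt` call applies to the value of the Password field instead of the Bearer header.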

Message API

To upload a message, a client must send a POST request with the payload encoded as JSON to the HTTP channel URL:

{
  "header": {
    "queues": ["my_queue1", "my_queue1"]
  },
  "message": {
    ...
  }
}