MQTT
IOTMER provides fully managed MQTT brokers — either shared (Cloud MQTT) or dedicated — with per-device and per-principal ACL enforcement, multi-region support, and TLS by default.
Broker options
| | Cloud MQTT | Dedicated Cluster |
|---|---|---|
| Setup | Instant activation per region | Provisioned on-demand (minutes) |
| Isolation | Workspace-level ACLs on shared infra | Full dedicated broker nodes |
| Scaling | Managed automatically | Configure node count |
| Custom config | No | Yes (Iotmer MQTT config) |
| Use case | Dev, SMB, cost-efficient | Enterprise, compliance, high-throughput |
Authentication
All MQTT clients authenticate with username + password:
- Devices — auto-generated credentials per device. See Device Credentials.
- Principals — manually created MQTT identities for non-device clients (backends, data pipelines). See Principals & ACLs.
ACL enforcement
Every publish and subscribe action is checked against ACL rules. Rules are ordered — first match wins.
- Device ACLs — attached to a specific device. See Device ACLs.
- Principal ACLs — attached to a named MQTT principal. See Principals & ACLs.
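The sketch below shows why rule order matters under first-match-wins evaluation: a broad allow placed ahead of a narrower deny makes the deny unreachable. It is an added example, not IOTMER code. The rule tuple (permission, action, topic filter), the allow/deny permissions, the default-deny fallback and the `dev42` topics are all assumptions; only the ordered, first-match-wins behaviour comes from this page.

```python
# Added example: models "ordered rules, first match wins" for MQTT ACLs.
# The rule tuple (permission, action, topic filter) and the default-deny
# fallback are assumptions, not IOTMER's documented rule schema.

def covers(filter_, other):
    """True if MQTT topic filter `filter_` matches everything `other` matches.
    `other` may be a concrete topic or another filter ('+' = one level, '#' = rest)."""
    f, o = filter_.split("/"), other.split("/")
    if other.startswith("$") and f[0] in ("+", "#"):
        return False  # wildcards at the first level never match $-topics
    for i, level in enumerate(f):
        if level == "#":
            return True  # also matches the parent level itself
        if i >= len(o) or o[i] == "#":
            return False
        if level != "+" and level != o[i]:
            return False
    return len(f) == len(o)

def evaluate(rules, action, topic, default="deny"):
    """Walk rules in order; the first rule matching action and topic decides."""
    for index, (permission, rule_action, filter_) in enumerate(rules):
        if rule_action in (action, "all") and covers(filter_, topic):
            return permission, index
    return default, None

def shadowed(rules):
    """Indexes of rules that can never decide: an earlier rule covers them."""
    dead = []
    for j, (_, action_j, filter_j) in enumerate(rules):
        for _, action_i, filter_i in rules[:j]:
            if action_i in (action_j, "all") and covers(filter_i, filter_j):
                dead.append(j)
                break
    return dead

# Constructed rule sets for a hypothetical device "dev42".
BROAD_FIRST = [
    ("allow", "all", "devices/dev42/#"),
    ("deny", "publish", "devices/dev42/config/+"),  # never reached
]
SPECIFIC_FIRST = [BROAD_FIRST[1], BROAD_FIRST[0]]

if __name__ == "__main__":
    for name, rules in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        decision = evaluate(rules, "publish", "devices/dev42/config/wifi")
        print(name, decision, "shadowed rules:", shadowed(rules))
```

Running a check like `shadowed` over an exported rule list before applying it catches restrictions that an earlier, broader rule has silently disabled.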
TLS
All brokers require TLS by default on port 8883. Use your system CA bundle or download the IOTMER CA from the console.