You can establish IPv6-based MQTT connections to connect devices to IoT Platform.

Background information

  • Only the China (Shanghai) region supports IPv6-based MQTT connections.
  • During environment tests, you can use the following domain name and port to establish MQTT connections with IoT Platform.

    Domain name: ipv6.itls.cn-shanghai.aliyuncs.com

    Port: 1883

    Encryption protocol: TLSv1.2

    Note Do not use the test domain name in production environment.

Connect devices to IoT Platform

In production environment, you must use the official MQTT domain name of a product to connect the devices of the product to IoT Platform.

  1. Log on to the ticketing system, and submit a ticket to activate the AAAA record of the official MQTT domain name.

    The official MQTT domain name of a product: ${YourProductKey}.iot-as-mqtt.cn-shanghai.aliyuncs.com. Replace ${YourProductKey} with the PorductKey of your product.

  2. Download the root certificate that is used for TLS encryption.
  3. Develop your device to configure an MQTT connection.

    We recommend that you use the device SDKs provided by Alibaba Cloud to connect to IoT Platform. If you use custom device SDKs, you must configure a signature mechanism. For more information, see Examples of creating signatures for MQTT connections.

    The following table lists the fields to be specified.

    Field Description
    Domain name and port ${YourProductKey}.iot-as-mqtt.cn-shanghai.aliyuncs.com:1883

    Replace ${YourProductKey} with the PorductKey of your product.

    Variable header: keep-alive The CONNECT command must include a keep-alive time. Valid values of the keep-alive time: 30 to 1,200 seconds. If no response is received from a device before the keep-alive time expires, IoT Platform rejects the connection request. We recommend that you set a value that is greater than 300 seconds. If a network is intermittent, set the keep-alive time to a value that is close to 1,200 seconds.
    Parameters in an MQTT CONNECT packet
    mqttClientId: clientId+"|securemode=3,signmethod=hmacsha1,timestamp=132323232|"
    mqttUsername: deviceName+"&"+productKey
    mqttPassword: sign_hmac(deviceSecret,content)

    mqttPassword: the password. Calculation method: Alphabetically sort the parameters that are submitted to the server and encrypt the parameters based on the specified signature algorithm.

    content: a concatenated string of the parameters that are submitted to the server. These parameters include productKey, deviceName, timestamp, and clientId. The parameters are sorted in alphabetical order and concatenated without delimiters.

    • clientId: the ID of the client. We recommend that you use the MAC address or serial number (SN) of the device as the client ID. The client ID cannot exceed 64 characters in length.
    • timestamp: the current time, in milliseconds. This parameter is optional.
    • mqttClientId: Extended parameters are placed between vertical bars (|).
    • signmethod: the signature algorithm. Valid values: hmacmd5, hmacsha1, hmacsha256, and sha256. Default value: hmacmd5.
    • securemode: the current security mode. Valid values: 2 (direct TLS connection) and 3 (direct TCP connection).

    Example

    Assume that the following values are specified: clientId=12345, deviceName=device, productKey=pk, timestamp=789, signmethod=hmacsha1, deviceSecret=secret. The following code shows the parameters in an MQTT CONNECT message that is sent over TCP:

    mqttclientId=12345|securemode=3,signmethod=hmacsha1,timestamp=789|
    mqttUsername=device&pk
    mqttPassword=hmacsha1("secret","clientId12345deviceNamedeviceproductKeypktimestamp789").toHexString(); 

    The encrypted password is a hexadecimal string that is converted from a binary string. The following code shows the result:

    FAFD82A3D602B37FB0FA8B7892F24A477F85****

For information about how to establish TCP-based MQTT connections, see Establish MQTT connections over TCP.