Establish MQTT connections over TCP

Connect an MQTT client to IoT Platform

1. Optional. We recommend that you use the TLS protocol for encryption.
   • Link SDK integrates the TLS encryption feature, which eliminates your needs of configuration.
   • If you are developing your own device SDK, you must download the root certificate. For more information about how to use the root certificate, see mbed TLS tutorial.
2. Connect the MQTT client to the server. For more information about the connection method, visit the GitHub.
   For more information about the MQTT protocol, see the MQTT documentation.

   Note Alibaba Cloud does not provide technical support for third-party code.
3. Establish an MQTT connection.

   We recommend that you use Link SDK to connect the device to IoT Platform. If you use your own device SDK for connection, you must specify the following parameters.

   Parameter	Description
   Endpoint	Format: ${YourProductKey}.iot-as-mqtt.${YourRegionId}.aliyuncs.com:1883 Replace the ${YourProductKey} variable with the ProductKey of the product to which your device belongs. You can log on to the IoT Platform console and view the ProductKey on the Device Details page. ${YourRegionId}:
   Variable header: Keep Alive	The CONNECT message must include a keep-alive period. Valid values of the keep-alive time: 30 to 1,200 seconds. We recommend that you set the keep-alive period to a value that is greater than 300 seconds. If the network connection is unstable, we recommend that you set the keep-alive period to a higher value. If the value of the Keep Alive parameter is not in this range, IoT Platform rejects the connection. For more information, see MQTT keep-alive.
   Parameters in an MQTT CONNECT message	Unique-certificate-per-device authentication and pre-registration unique-certificate-per-product authentication: Use the device certificate (ProductKey, DeviceName, and DeviceSecret) to connect the device to IoT Platform. mqttClientId: clientId+"|securemode=3,signmethod=hmacsha1,timestamp=132323232|" mqttUsername: deviceName+"&"+productKey mqttPassword: sign_hmac(deviceSecret,content) mqttClientId: Extended parameters are placed between vertical bars (|). clientId: the ID of the client. You can specify a client ID based on your needs. The client ID cannot exceed 64 characters in length. We recommend that you use the MAC address or serial number (SN) of the device as the client ID. securemode: the current security mode. Valid values: 2 (direct TLS connection) and 3 (direct TCP connection). signmethod: the signature algorithm. Valid values: hmacmd5, hmacsha1, hmacsha256, and sha256. Default value: hmacmd5. timestamp: the current time, in milliseconds. This parameter is optional. mqttPassword: the password. Calculation method: Alphabetically sort the parameters that are submitted to the server and encrypt the parameters based on the specified signature algorithm. For more information about the signature calculation example, see Examples of creating signatures for MQTT connections. content: a concatenated string of the parameters that are submitted to the server. These parameters include productKey, deviceName, timestamp, and clientId. The parameters are sorted in alphabetical order and concatenated without delimiters. Notice productKey and deviceName are required. timestamp and clientId are optional. If you specify timestamp or clientId, the parameter value must be the same as the value that is specified in mqttClientId. Example: Assume that the following values are specified: clientId=12345, deviceName=device, productKey=pk, timestamp=789, signmethod=hmacsha1, deviceSecret=secret. The following code shows the parameters in an MQTT CONNECT message that is sent over TCP: mqttclientId=12345|securemode=3,signmethod=hmacsha1,timestamp=789| mqttUsername=device&pk mqttPassword=hmacsha1("secret","clientId12345deviceNamedeviceproductKeypktimestamp789").toHexString(); The encrypted password is a hexadecimal string that is converted from a binary string. The following code shows the result: FAFD82A3D602B37FB0FA8B7892F24A477F85****
   	Preregistration-free unique-certificate-per-product authentication: Use ProductKey, DeviceName, ClientID, and DeviceToken to connect the device to IoT Platform. mqttClientId: clientId+"|securemode=-2,authType=connwl|" mqttUsername: deviceName+"&"+productKey mqttPassword: deviceToken mqttClientId: Extended parameters are placed between vertical bars (|). clientId, deviceToken: the ClientID and DeviceToken that are obtained when the device is dynamically registered. For more information, see MQTT-based dynamic registration. securemode: the current security mode. If you use preregistration-free unique-certificate-per-product authentication, set the value to -2. authType: the authentication method. If you use preregistration-free unique-certificate-per-product authentication, set the value to connwl.

Examples

For information about examples of using open-source MQTT clients to access IoT Platform, see the following articles:

• Use the Paho MQTT Go client
• Use the Paho MQTT C# client
• Use the Paho MQTT C client
• Use the Paho MQTT Java client
• Use the Paho MQTT Android client

MQTT keep-alive

In a keep-alive interval, the device must send at least one message, including ping requests.

Valid values of the keep-alive time: 30 to 1,200 seconds. We recommend that you set the keep-alive period to a value that is greater than 300 seconds.

A timer starts when IoT Platform sends a CONNACK message as a response to a CONNECT message. When IoT Platform receives a PUBLISH, SUBSCRIBE, PING, or PUBACK message, the timer is reset. If no message is received within 1.5 times the specified heartbeat interval, the server terminates the connection.