Endpoint |
- To view the endpoint of the instance that you purchased, perform the following steps:
Log on to the IoT Platform console. In the left-side navigation pane, click Instances. On the page that appears, click View in the Actions column of the instance. On the Instance Details page, you can view the endpoint.
- The endpoint for public instances is
${YourProductKey}.iot-as-mqtt.${YourRegionId}.aliyuncs.com:1883 .
- ${YourProductKey}: Replace this variable with the ProductKey of the product to which the device belongs.
You can obtain the ProductKey on the Device Details page of the IoT Platform console.
- ${YourRegionId}: Replace this variable with your region ID. For information about region IDs, see
Regions and zones.
|
Variable header: keep-alive |
The CONNECT command must include a keep-alive time. Valid values of the keep-alive
time: 30 to 1,200 seconds. If no response is received from a device before the keep-alive
time expires, IoT Platform rejects the connection request. We recommend that you set
a value that is greater than 300 seconds. If a network is intermittent, set the keep-alive
time to a value that is close to 1,200 seconds.
|
Parameters in an MQTT CONNECT message |
- Unique-certificate-per-device authentication and pre-registration unique-certificate-per-product
authentication: Use the device certificate (ProductKey, DeviceName, and DeviceSecret)
to connect the device to IoT Platform.
mqttClientId: clientId+"|securemode=3,signmethod=hmacsha1,timestamp=132323232|"
mqttUsername: deviceName+"&"+productKey
mqttPassword: sign_hmac(deviceSecret,content)
- mqttClientId: Extended parameters are placed between vertical bars (
| ).
- clientId: the ID of the client. We recommend that you use the MAC address or serial number
(SN) of the device as the client ID. The client ID cannot exceed 64 characters in
length.
- securemode: the current security mode. Valid values: 2 (direct TLS connection) and 3 (direct
TCP connection).
- signmethod: the signature algorithm. Valid values: hmacmd5, hmacsha1, hmacsha256, and sha256.
Default value: hmacmd5.
- timestamp: the current time, in milliseconds. This parameter is optional.
- mqttPassword: the password. Calculation method: Alphabetically sort the parameters that are submitted
to the server and encrypt the parameters based on the specified signature algorithm.
For more information about the signature calculation example, see Examples of signing MQTT connections.
- content: a concatenated string of the parameters that are submitted to the server. These
parameters include productKey, deviceName, timestamp, and clientId. The parameters are sorted in alphabetical order and concatenated without delimiters.
Example
Assume that the following values are specified: clientId=12345, deviceName=device, productKey=pk, timestamp=789, signmethod=hmacsha1,
deviceSecret=secret . The parameters in an MQTT CONNECT message that is sent over TCP is shown in the
following code:
mqttclientId=12345|securemode=3,signmethod=hmacsha1,timestamp=789|
mqttUsername=device&pk
mqttPassword=hmacsha1("secret","clientId12345deviceNamedeviceproductKeypktimestamp789").toHexString();
The encrypted password is a hexadecimal string that is converted from a binary string.
The result is shown in the following code:
FAFD82A3D602B37FB0FA8B7892F24A477F85****
- Preregistration-free unique-certificate-per-product authentication: Use ProductKey,
DeviceName, ClientID, and DeviceToken to connect the device to IoT Platform.
mqttClientId: clientId+"|securemode=-2,authType=connwl|"
mqttUsername: deviceName+"&"+productKey
mqttPassword: deviceToken
- mqttClientId: Extended parameters are placed between vertical bars (
| ).
- clientId, deviceToken: the ClientID and DeviceToken that are obtained when the device is dynamically registered.
For more information, see MQTT-based dynamic registration.
- securemode: the current security mode. If you use preregistration-free unique-certificate-per-product
authentication, the value is -2.
- authType: the authentication type. If you use preregistration-free unique-certificate-per-product
authentication, the value is regnwl.
|