When you run a self-hosted MQTT broker such as EMQX or Mosquitto, you handle patching, scaling, and high availability yourself. ApsaraMQ for MQTT is a fully managed MQTT message service that provides device-level permission management and SSL/TLS encryption, so you can offload infrastructure operations while keeping your existing publish/subscribe logic unchanged.
Migration requires only endpoint and authentication changes. Your QoS settings, retained-message flags, clean-session behavior, and message-handling code remain the same.
The following diagram illustrates the migration process.
Before you begin
Review the following differences between open-source MQTT brokers and ApsaraMQ for MQTT. These affect how you configure your client after migration.
| Area | Open-source broker | ApsaraMQ for MQTT | Migration impact |
|---|---|---|---|
| Endpoint | Self-hosted address (e.g., tcp://my-broker:1883) | Alibaba Cloud managed endpoint (e.g., tcp://mqtt-cn-******.mqtt.aliyuncs.com:1883) | Update the broker parameter |
| Client ID | Any string | Must follow the <GroupID>@@@<DeviceID> format | Create a group in the console, then update clientId |
| Authentication | Username/password or anonymous | Signature-based, token-based, or custom authentication | Update userName and password; add signature dependencies if using signature mode |
| System topics | $share, $delayed, and other $-prefixed topics | $-prefixed system topics are not supported | Use cloud SDKs for shared subscriptions. See Use shared subscriptions with cloud SDKs |
| Pub/sub logic | Standard MQTT | Standard MQTT | No changes needed |
Prerequisites
Before you begin, make sure that you have:
An Alibaba Cloud account with sufficient balance
A Java development environment with Maven configured
An existing MQTT client application that uses the Eclipse Paho Java SDK
This guide uses the Eclipse Paho Java SDK as an example. The same parameter changes apply to other languages and SDKs. For complete sample projects, see Demo projects.
Step 1: Create ApsaraMQ for MQTT resources
Before you update your client code, create three resources in the ApsaraMQ for MQTT console: an instance, a topic, and a group.
Create an instance
Log on to the ApsaraMQ for MQTT console. In the left-side navigation pane, click Instances.
In the top navigation bar, select a region. In the upper-left corner, click Create Instance.
In the panel that appears, keep the default value Subscription for the Billing Method parameter. Click OK.
Select the instance specifications based on your requirements, select Terms of Service, and click Buy Now. For a comparison of instance editions, see Instance editions.
Complete the payment as prompted.
Create a topic
Log on to the ApsaraMQ for MQTT console. In the left-side navigation pane, click Instances.
Select the region of your instance. Click the instance name to open the Instance Details page.
In the left-side navigation pane, click Topics. In the upper-left corner, click Create Topic.
Set the Name and Description parameters, then click OK.
Create a group
Log on to the ApsaraMQ for MQTT console. In the left-side navigation pane, click Instances.
Select the region of your instance. Click the instance name to open the Instance Details page.
In the left-side navigation pane, click Groups. In the upper-left corner, click Create Group.
Set the Group ID parameter and click OK.
Step 2: Update your client code
Update your Java project by adding the required dependencies and changing the connection parameters.
Add Maven dependencies
Add the following dependencies to the pom.xml file of your project:
<dependencies>
<!-- MQTT client -->
<dependency>
<groupId>org.eclipse.paho</groupId>
<artifactId>org.eclipse.paho.client.mqttv3</artifactId>
<version>1.2.2</version>
</dependency>
<!-- Required for signature-based authentication -->
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.10</version>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.2</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.48</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-onsmqtt</artifactId>
<version>1.0.3</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-core</artifactId>
<version>4.5.0</version>
</dependency>
</dependencies>If your project already includes the Eclipse Paho dependency, keep version 1.2.2 or later. The remaining five dependencies are required for signature-based authentication. If you use custom authentication, see Custom authentication for the required dependencies.
Update connection parameters
The following table lists the parameters to change. All other parameters (QoS, retained flag, clean session, keep-alive interval) remain the same.
| Method | Parameter | What to change |
|---|---|---|
new MqttClient(broker, clientId, persistence) | broker | Set to your ApsaraMQ for MQTT endpoint in the format tcp://<endpoint>:1883. Find the endpoint on the Endpoints for Client SDK tab of the Instances page in the ApsaraMQ for MQTT console. Example: tcp://mqtt-cn-******.mqtt.aliyuncs.com:1883. |
clientId | Set to the format <GroupID>@@@<DeviceID>. <GroupID> is the group ID you created in Create a group. <DeviceID> is an identifier that you define for each device. The @@@ delimiter is required. Example: GID_test@@@device001. For naming rules, see Clients. | |
sampleClient.publish(topic, message) | topic | Set to a topic created in the ApsaraMQ for MQTT console. |
connOpts.setUserName() | UserName | Set to the access credential for your chosen authentication method. See Authentication overview. |
connOpts.setPassword() | Password | Set to the access credential for your chosen authentication method. For signature mode, call Tools.macSignature(clientId, secretKey).toCharArray(). See Authentication overview. |
Code comparison
The following examples show the connection code before and after migration. Only the highlighted parameters change.
Before migration (open-source broker):
String broker = "tcp://my-emqx-broker.example.com:1883";
String clientId = "my-device-001";
MqttClient client = new MqttClient(broker, clientId, new MemoryPersistence());
MqttConnectOptions connOpts = new MqttConnectOptions();
connOpts.setUserName("my_user");
connOpts.setPassword("my_password".toCharArray());
client.connect(connOpts);
// Publish and subscribe -- same as before
client.publish("my/topic", new MqttMessage("Hello".getBytes()));After migration (ApsaraMQ for MQTT with signature authentication):
// Endpoint: find on Instances > Endpoints for Client SDK tab
String broker = "tcp://mqtt-cn-******.mqtt.aliyuncs.com:1883";
// Client ID: <GroupID>@@@<DeviceID>
// GroupID: created in the ApsaraMQ for MQTT console
// DeviceID: a unique identifier you assign to each device
String groupId = "GID_test";
String deviceId = "my-device-001";
String clientId = groupId + "@@@" + deviceId;
MqttClient client = new MqttClient(broker, clientId, new MemoryPersistence());
MqttConnectOptions connOpts = new MqttConnectOptions();
// Signature mode: AccessKey ID as username, HMAC signature as password
String accessKey = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID");
String secretKey = System.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET");
connOpts.setUserName(accessKey);
connOpts.setPassword(Tools.macSignature(clientId, secretKey).toCharArray());
client.connect(connOpts);
// Publish and subscribe -- no changes to message logic
client.publish("my/topic", new MqttMessage("Hello".getBytes()));For the complete Tools class implementation and other authentication methods, see Demo projects.
| Placeholder | Description | Where to find it |
|---|---|---|
mqtt-cn-****** | Instance endpoint prefix | Instances page > Endpoints for Client SDK tab |
GID_test | Group ID | Groups page in the ApsaraMQ for MQTT console |
ALIBABA_CLOUD_ACCESS_KEY_ID | AccessKey ID (environment variable) | AccessKey management |
ALIBABA_CLOUD_ACCESS_KEY_SECRET | AccessKey Secret (environment variable) | AccessKey management |
Step 3: Verify the connection
After you update the parameters, start your client application. The existing publish and subscribe logic works without changes -- messages are now routed through ApsaraMQ for MQTT.
To confirm that your client connected successfully:
In the ApsaraMQ for MQTT console, open your instance's Instance Details page.
Check that your client appears in the connected client list.
Publish a test message and verify that subscribers receive it.
Troubleshoot connection failures
If the connection fails, check the following:
| Symptom | Possible cause | Solution |
|---|---|---|
| Connection refused | Incorrect endpoint | Verify that the broker URL matches the endpoint on the Endpoints for Client SDK tab. |
| Authentication failure | Invalid credentials | Verify that the username and password/signature are correct for your chosen authentication method. |
| Client ID rejected | Invalid format | Verify that clientId follows the <GroupID>@@@<DeviceID> format and uses a valid group ID created in the console. |
| Topic not found | Topic not created | Create the topic in the ApsaraMQ for MQTT console before publishing. |
Use shared subscriptions with cloud SDKs
Standard MQTT $share topics are not supported on ApsaraMQ for MQTT. If your open-source broker uses $share-prefixed topics for shared subscriptions, switch to the ApsaraMQ for MQTT cloud SDKs.
Cloud SDKs provide the following capabilities for distributed cloud applications:
Shared subscriptions
Message publishing and subscribing
Client status notifications
Cloud SDK for Java and Cloud SDK for Go are available. For setup instructions and code examples, see Cloud SDK overview.
Cloud SDKs connect to ApsaraMQ for MQTT brokers through a server-side API, not through the MQTT protocol. Use cloud SDKs for server-side applications that need shared subscriptions. Device-side clients continue to use the MQTT protocol as described in this guide.
What's next
Authentication overview -- Learn about all supported authentication methods, including token-based and custom authentication.
Demo projects -- Download complete sample projects for Java and other languages.
Instance editions -- Compare editions and features to choose the right instance for your workload.