
Step 2: Configuring Authentication and Authorization

Last updated: 2026-04-01 16:24:56
MQTT provides multiple authentication methods to ensure secure communication between clients and the server. Username and password authentication is the most basic authentication method. This document uses this method as an example to introduce the operation steps for quickly configuring authentication and authorization.

Creating a User

1. Log in to the TDMQ for MQTT console.
2. In the left sidebar, choose Resource > Cluster, select a region, and click the ID of the created cluster.
3. On the cluster basic information page, select Authentication and go to the Username and Password tab. This document uses username and password authentication as an example. For more authentication methods, see Certification Method Overview.
4. Click Create User, fill in the username and description, and set a password. Username and password authentication is the most basic authentication method provided by MQTT. The client must supply both when it publishes or subscribes to messages.
   Username: must be no more than 32 characters in length and can contain only digits, upper- and lower-case letters, hyphens (-), and underscores (_).
   Password: can be automatically generated by the system or customized.
   Description (optional): cannot exceed 128 characters.

5. Click Save to complete user creation. In the permission list, you can copy the username and password in any of the following ways.
   Note: Leaking your key could lead to data leakage. Please keep your password secure.
   Method 1: Copying from the Token Column
   Copy from the Username and Password columns.
   Method 2: Viewing and Copying from the Operation Column
   Click View Password in the Action column and click the Copy icon in the pop-up password window.


Configuring an Authorization Policy

TDMQ for MQTT supports fine-grained authorization policies that can authorize access by username, client identifier, topic, client IP address, and action (connect, publish, and subscribe).
When the authorization policy is not enabled, the data plane resources have no permission restrictions: any username and password pair can be used to connect, produce, and consume.
In the quick start stage, you can choose to disable the authorization policy and skip its configuration steps. For the production environment, we recommend fine-grained permission control based on the principle of least privilege.

If you have enabled authorization policy management, you need to grant producing and consuming permissions to the user you have created. For details, see Configuring Data Plane Authorization.
In the quick start stage, you can create a simple rule as follows, which allows access from all clients:
{
  "effect": "allow",
  "actions": [
    "connect",
    "pub",
    "sub"
  ],
  "topics": [
    "*"
  ],
  "condition": {
    "ip": "0.0.0.0/0",
    "clientId": "",
    "username": "",
    "qos": [
      0,
      1,
      2
    ],
    "retain": [
      "true",
      "false"
    ]
  }
}
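Before a cluster moves from quick start to production, rules like the one above can be checked for dimensions they leave unrestricted. The following is an added example, not Tencent Cloud code: it audits a rule in the JSON shape shown on this page and compares the quick-start rule with a constructed, narrowly scoped one. It assumes that a "*" topic entry and an empty username or clientId match everything (inferred from the page's statement that the rule allows access from all clients); the function name and the scoped rule's values are hypothetical.

```python
import ipaddress
import json

# The quick-start rule from this page.
QUICK_START = json.loads("""
{"effect": "allow", "actions": ["connect", "pub", "sub"], "topics": ["*"],
 "condition": {"ip": "0.0.0.0/0", "clientId": "", "username": "",
               "qos": [0, 1, 2], "retain": ["true", "false"]}}
""")

# Constructed sample: one device user, one topic, one subnet (all values hypothetical).
SCOPED = json.loads("""
{"effect": "allow", "actions": ["connect", "pub"],
 "topics": ["sensors/device-01/telemetry"],
 "condition": {"ip": "10.0.0.0/24", "clientId": "device-01",
               "username": "device-01", "qos": [1], "retain": ["false"]}}
""")


def audit_rule(rule):
    """Return the dimensions an allow rule leaves unrestricted."""
    findings = []
    if rule.get("effect") != "allow":
        return findings  # only allow rules can over-grant
    cond = rule.get("condition", {})
    # Assumption: a "*" topic entry matches every topic, as in the quick-start rule.
    if "*" in rule.get("topics", []):
        findings.append("topics: '*' covers every topic")
    # Assumption: an empty username or clientId matches any client, since the
    # page describes the quick-start rule as allowing access from all clients.
    for key in ("username", "clientId"):
        if not cond.get(key):
            findings.append(f"{key}: empty, not tied to a specific client")
    ip = cond.get("ip", "")
    try:
        if ipaddress.ip_network(ip, strict=False).prefixlen == 0:
            findings.append(f"ip: {ip} covers every source address")
    except ValueError:
        findings.append(f"ip: {ip!r} is not a valid CIDR range")
    return findings


if __name__ == "__main__":
    for name, rule in (("quick-start", QUICK_START), ("scoped", SCOPED)):
        print(name, audit_rule(rule) or "no unrestricted dimensions")
```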

