hypernephelist n. [from Greek nepho-, cloud] someone who goes above the clouds.

Azure IoT Hub and MQTT tips & tricks

Azure IoT Hub has had MQTT support for a little while now, as documented in this article: IoT Hub MQTT support. However it might sometimes be tricky to figure out how to use this information with currently available MQTT libraries. Here are a couple tips & tricks and code samples to get you started.

First, read carefully the section titled Using the MQTT protocol directly; it describes how to assemble the credentials required to connect to the device endpoints. The article is self explanatory, but here are some tips:

  • You need to generate a SAS Token for the device to use as a password. You can do this on Windows as described in the article, using the DeviceExplorer GUI tool. You currently can’t do it via the iothub-explorer command-line tool, but hopefully once this PR is merged in, you should be able to use the new sas-token option.
  • The article doesn’t mention it, but you need to connect via SSL/TLS, using port 8883.
  • Click through to the Notes on MQTT support for another useful piece of information: IoT Hub implements the MQTT v3.1.1 protocol specifically.

Now let’s looke at a simple example showing how to use the Paho MQTT Python client to send data to Azure IoT Hub. You need to assemble the rights credentials and configure TLS and the MQTT protocol version appropriately.


import paho.mqtt.publish as publish
import paho.mqtt.client as mqtt
import ssl

auth = {
  'password':"SharedAccessSignature sr=ciscohackhub.azure-devices.net%2Fdevices%2Flora1&sig=xxxx&se=1463048772"

tls = {

  payload="hello world",

The trick here is to specify all the protocol versions (TLSv1, MQTTv311) and properly configure the CA certificates for TLS.

Here is another quick example, this time using the Node.JS MQTT.js built-in command line tool “mqtt”:

mqtt publish -C mqtts \
-h ciscohackhub.azure-devices.net -p 8883 \
-i lora1 \
-u 'ciscohackhub.azure-devices.net/lora1' \
-P 'SharedAccessSignature sr=ciscohackhub.azure-devices.net%2fdevices%2flora1&sig=xxxx&se=1470823180' \
-t 'devices/lora1/messages/events' \
-m "hello mqtt"