MQTT Broker
The TagoDeploy MQTT Broker is a fully managed MQTT service that runs inside your private TagoDeploy instance. It gives you a dedicated, single-tenant MQTT infrastructure with enterprise security, fine-grained access control, and built-in routing to TagoIO—separate from the public, multi-tenant TagoIO MQTT broker.
Use it to deploy one or more private brokers, authenticate devices, enforce topic-level permissions, and route messages to your projects with predictable performance and full administrative control.
What you get
- Private, isolated MQTT infrastructure within your TagoDeploy environment
- TLS encryption with custom certificate management
- Advanced authentication (per client) and ACLs via Groups
- Real-time visibility of connections and activity
- Multi-broker support in the same TagoDeploy instance
- Global deployment across 12+ AWS regions
- Integrated pipelines to deliver MQTT data to your API instance
How it works (high level)
The broker processes data in three stages:
- Authenticate: Devices connect over TLS using client credentials you define.
- Authorize: Groups and ACLs control publish/subscribe permissions per topic.
- Route: Pipelines forward matched topics to your API instance with the required authorization and network tokens.
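The three stages above, modelled as an added sketch that is not TagoDeploy code or its configuration format. The client, group, topic and pipeline names are hypothetical, and topic matching follows the standard MQTT wildcard rules (`+` for one level, `#` for all remaining levels).

```python
import hmac

# Constructed sample data: every client, group, topic and pipeline name is hypothetical.
# A real credential store would hold password hashes, not plaintext.
CLIENTS = {"sensor-01": {"username": "plant-a", "password": "s3cret-example", "group": "sensors"}}
GROUPS = {"sensors": {"publish": ["plant-a/+/telemetry"], "subscribe": ["plant-a/+/cmd/#"]}}
PIPELINES = [{"name": "telemetry-to-api", "topics": ["plant-a/#"]}]


def topic_matches(topic_filter, topic):
    """Standard MQTT filter matching: '+' is one level, '#' is the remaining levels."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    # Filters that start with a wildcard must not match '$'-prefixed system topics.
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1  # '#' is only valid as the last level
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


def authenticate(client_id, username, password):
    """Return the client's group, or None when the credentials do not match."""
    entry = CLIENTS.get(client_id)
    if entry is None or entry["username"] != username:
        return None
    # Constant-time comparison avoids leaking how much of the password matched.
    ok = hmac.compare_digest(entry["password"].encode(), password.encode())
    return entry["group"] if ok else None


def handle_publish(client_id, username, password, topic):
    """Run one publish through authenticate -> authorize -> route, denying by default."""
    group = authenticate(client_id, username, password)
    if group is None:
        return ("rejected", "authentication")
    if "+" in topic or "#" in topic:  # wildcards are not allowed in publish topic names
        return ("rejected", "invalid-topic")
    if not any(topic_matches(f, topic) for f in GROUPS[group]["publish"]):
        return ("rejected", "authorization")
    routed = [p["name"] for p in PIPELINES
              if any(topic_matches(f, topic) for f in p["topics"])]
    return ("accepted", routed)
```

A publish that no group filter allows is rejected before any pipeline is consulted, so an overly broad pipeline filter such as `plant-a/#` does not widen what a client may send.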
Typical setup
- Create the MQTT service in your region and track deployment in the console.
- Get the broker endpoint from Domains.
- Configure authentication (Client IDs, usernames, passwords).
- Define Groups and topic permissions (publish/subscribe).
- Link authentication to Groups with ACLs.
- Create a Network and payload parser (e.g., extract serial, map to device).
- Configure a Pipeline: target API endpoint, topics, and credentials.
- Send data using your assigned credentials and topics.