CompanyServicesBlogDownloads
Search…
1.12.3
Welcome
Getting Started
Downloads
VerneMQ / MQTT Introduction
Installing VerneMQ
Installing on Debian and Ubuntu
Installing on CentOS and RHEL
Running VerneMQ using Docker
Configuring VerneMQ
Introduction
The VerneMQ conf file
Auth using files
Auth using a database
MQTT Options
MQTT Listeners
HTTP Listeners
Non-standard MQTT options
Websockets
Logging
Consumer session balancing
Plugins
Shared subscriptions
Advanced Options
Storage
MQTT Bridge
VerneMQ Clustering
Introduction
Inter-node Communication
Dealing with Netsplits
Live Administration
Introduction
Inspecting and managing sessions
Retained messages
Live reconfiguration
Managing Listeners
HTTP API
Tracing
Monitoring
Introduction
$SYSTree
Graphite
Netdata
Prometheus
Health Checker
Status Page
Plugin Development
Introduction
Session lifecycle
Subscribe Flow
Publish Flow
Enhanced Auth Flow
Erlang Boilerplate
Lua Scripting Support
Webhooks
Misc
Loadtesting VerneMQ
Not a tuning guide
Change Open File Limits
Guides
A typical VerneMQ deployment
VerneMQ on Kubernetes
Loadtesting VerneMQ
Clustering during development
Not a tuning guide
Change Open File Limits
Powered By GitBook
Webhooks
How to implement VerneMQ plugins using a HTTP/HTTPS interface
The VerneMQ Webhooks plugin provides an easy and flexible way to build powerful plugins for VerneMQ using web hooks. With VerneMQ Webhooks you are free to select the implementation language to match your technical requirements or the language in which you feel comfortable and productive in. You can use any modern language such as Python, Go, C#/.Net and indeed any language in which you can build something that can handle HTTP requests.
The idea of VerneMQ Webhooks very simple: you can register an HTTP endpoint with a VerneMQ plugin hook and whenever the hook (such as auth_on_register) is called, the VerneMQ Webhooks plugin dispatches a HTTP post request to the registered endpoint. The HTTP post request contains a HTTP header like vernemq-hook: auth_on_register and a JSON encoded payload. The endpoint then responds with code 200 on success and with a JSON encoded payload informing the VerneMQ Webhooks plugin which action to take (if any).

Configuring webhooks

To enable webhooks make sure to set:
1
plugins.vmq_webhooks = on
Copied!
And then each webhook can be configured like this:
1
vmq_webhooks.mywebhook1.hook = auth_on_register
2
vmq_webhooks.mywebhook1.endpoint = http://127.0.0.1/myendpoints
Copied!
It is possible to have the webhooks plugin omit sending the payload for the auth_on_publish and auth_on_publish_m5 webhooks by setting the no_payload config:
1
vmq_webhooks.mywebhook1.no_payload = on
Copied!
It is also possible to dynamically register webhooks at run-time:
1
$ vmq-admin webhooks register hook=auth_on_register endpoint="http://localhost"
Copied!
See which endpoints are registered:
1
$ vmq-admin webhooks show
Copied!
And finally deregistering an endpoint:
1
$ vmq-admin webhooks deregister hook=auth_on_register endpoint="http://localhost"
Copied!
You might consider placing the endpoint implementation locally on each VerneMQ node such that each request can go over localhost without being subject to network issues.

HTTPS

In case your WebHooks backend requires HTTPS, you can configure the VerneMQ internal HTTP client to do so as well. There are various option you can set in the vernemq.conf file:
1
vmq_webhooks.cafile
2
vmq_webhooks.tls_version
3
vmq_webhooks.verify_peer
4
vmq_webhooks.depth
5
vmq_webhooks.certfile
6
vmq_webhooks.use_crls
7
vmq_webhooks.keyfile
8
vmq_webhooks.keyfile_password
Copied!
Check the WebHooks Schema file for quick documentation on those options or to look up their configured defaults.

Connection pool configuration

Each registered hook uses by default a connection pool containing maximally 100 connections. This can be changed by setting vmq_webhooks.pool_max_connections to a different value. Similarly the vmq_webhooks.pool_timeout configuration (value is in milliseconds) can be set to control how long an unused connection should stay in the connection pool before being closed and removed. The default value is 60000 (60 seconds).

Caching

VerneMQ webhooks support caching of the auth_on_register, auth_on_publish and auth_on_subscribe hooks.
This can be used to speed up authentication and authorization tremendously. All data passed to these hooks is used to look if the call is in the cache, except in the case of the auth_on_publish where the payload is omitted.
To enable caching for an endpoint simply return the cache-control: max-age=AgeInSeconds in the response headers to one of the mentioned hooks. If the call was successful (authentication granted), the request will be cached together with any modifiers, except for the payload modifier in the auth_on_publish hook.
Whenever a non-expired entry is looked up in the cache the endpoint will not be called and the modifiers of the cached entry will be returned, if any.
It is possible to inspect the cache using:
1
$ vmq-admin webhooks cache show
Copied!
Cache entries are currently not actively disposed after expiry and will remain in memory.

Webhook specs

All webhooks are called with method POST. All hooks need to be answered with the HTTP code 200 to be considered successful. Any hook called that does not return the 200 code will be logged as an error as will any hook with an unparseable payload.
All hooks are called with the header vernemq-hook which contains the name of the hook in question.
For detailed information about the hooks and when they are called, see the sections Session Lifecycle, Subscribe Flow and Publish Flow.
Note, when overriding a mountpoint or a client-id both have to be returned by the webhook implementation for it to have an effect.

auth_on_register

Header: vernemq-hook: auth_on_register
Webhook example payload:
1
{
2
"peer_addr": "127.0.0.1",
3
"peer_port": 8888,
4
"username": "username",
5
"password": "password",
6
"mountpoint": "",
7
"client_id": "clientid",
8
"clean_session": false
9
}
Copied!
A minimal response indicating the authentication was successful looks like:
1
{
2
"result": "ok"
3
}
Copied!
It is also possible to override various client specific settings by returning an array of modifiers:
1
{
2
"result": "ok",
3
"modifiers": {
4
"max_message_size": 65535,
5
"max_inflight_messages": 10000,
6
"retry_interval": 20000
7
}
8
}
Copied!
Note, the retry_interval is in milli-seconds. It is possible to override many more settings, see the Session Lifecycle for more information.
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!
1
{
2
"result": {
3
"error": "not_allowed"
4
}
5
}
Copied!

auth_on_subscribe

Header: vernemq-hook: auth_on_subscribe
Webhook example payload:
1
{
2
"client_id": "clientid",
3
"mountpoint": "",
4
"username": "username",
5
"topics":
6
[{"topic": "a/b",
7
"qos": 1},
8
{"topic": "c/d",
9
"qos": 2}]
10
}
Copied!
A minimal response indicating the subscription authorization was successful looks like:
1
{
2
"result": "ok"
3
}
Copied!
Another example where where the topics to subscribe have been rewritten looks like:
1
{
2
"result": "ok",
3
"topics":
4
[{"topic": "rewritten/topic",
5
"qos": 0}]
6
}
Copied!
Note, you can also pass a qos with value 128 which means it was either not possible or the client was not allowed to subscribe to that specific question.
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!
1
{
2
"result": { "error": "some error message" }
3
}
Copied!

auth_on_publish

Header: vernemq-hook: auth_on_publish
Note, in the example below the payload is not base64 encoded which is not the default.
Webhook example payload:
1
{
2
"username": "username",
3
"client_id": "clientid",
4
"mountpoint": "",
5
"qos": 1,
6
"topic": "a/b",
7
"payload": "hello",
8
"retain": false
9
}
Copied!
A minimal response indicating the publish was authorized looks like:
1
{
2
"result": "ok"
3
}
Copied!
A more complex example where the publish topic, qos, payload and retain flag is rewritten looks like:
1
{
2
"result": "ok",
3
"modifiers": {
4
"topic": "rewritten/topic",
5
"qos": 2,
6
"payload": "rewritten payload",
7
"retain": true
8
}
9
}
Copied!
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!
1
{
2
"result": { "error": "some error message" }
3
}
Copied!

on_register

Header: vernemq-hook: on_register
Webhook example payload:
1
{
2
"peer_addr": "127.0.0.1",
3
"peer_port": 8888,
4
"username": "username",
5
"mountpoint": "",
6
"client_id": "clientid"
7
}
Copied!
The response should be an empty json object {}.

on_publish

Header: vernemq-hook: on_publish
Note, in the example below the payload is not base64 encoded which is not the default.
Webhook example payload:
1
{
2
"username": "username",
3
"client_id": "clientid",
4
"mountpoint": "",
5
"qos": 1,
6
"topic": "a/b",
7
"payload": "hello",
8
"retain": false
9
}
Copied!
The response should be an empty json object {}.

on_subscribe

Header: vernemq-hook: on_subscribe
Webhook example payload:
1
{
2
"client_id": "clientid",
3
"mountpoint": "",
4
"username": "username",
5
"topics":
6
[{"topic": "a/b",
7
"qos": 1},
8
{"topic": "c/d",
9
"qos": 2}]
10
}
Copied!
The response should be an empty json object {}.

on_unsubscribe

Header: vernemq-hook: on_unsubscribe
Webhook example payload:
1
{
2
"username": "username",
3
"client_id": "clientid",
4
"mountpoint": "",
5
"topics":
6
["a/b", "c/d"]
7
}
Copied!
Example response:
1
{
2
"result": "ok",
3
"topics":
4
["rewritten/topic"]
5
}
Copied!
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!
1
{
2
"result": { "error": "some error message" }
3
}
Copied!

on_deliver

Header: vernemq-hook: on_deliver
Note, in the example below the payload is not base64 encoded which is not the default.
Webhook example payload:
1
{
2
"username": "username",
3
"client_id": "clientid",
4
"mountpoint": "",
5
"topic": "a/b",
6
"payload": "hello"
7
}
Copied!
Example response:
1
{
2
"result": "ok",
3
"modifiers":
4
{
5
"topic": "rewritten/topic",
6
"payload": "rewritten payload"
7
}
8
}
Copied!
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!

on_offline_message

Header: vernemq-hook: on_offline_message
Note, in the example below the payload is not base64 encoded which is not the default.
Webhook example payload:
1
{
2
"client_id": "clientid",
3
"mountpoint": "",
4
"qos": "1",
5
"topic": "sometopic",
6
"payload": "payload",
7
"retain": false
8
}
Copied!
The response should be an empty json object {}.

on_client_wakeup

Header: vernemq-hook: on_client_wakeup
Webhook example payload:
1
{
2
"client_id": "clientid",
3
"mountpoint": ""
4
}
Copied!
The response should be an empty json object {}.

on_client_offline

Header: vernemq-hook: on_client_offline
Webhook example payload:
1
{
2
"client_id": "clientid",
3
"mountpoint": ""
4
}
Copied!
The response should be an empty json object {}.

on_client_gone

Header: vernemq-hook: on_client_gone
Webhook example payload:
1
{
2
"client_id": "clientid",
3
"mountpoint": ""
4
}
Copied!
The response should be an empty json object {}.

auth_on_register_m5

Header: vernemq-hook: auth_on_register_m5
Webhook example payload:
1
{
2
"peer_addr": "127.0.0.1",
3
"peer_port": 8888,
4
"mountpoint": "",
5
"client_id": "client-id",
6
"username": "username",
7
"password": "password",
8
"clean_start": true,
9
"properties": {}
10
}
Copied!
A minimal response indicating the authentication was successful looks like:
1
{
2
"result": "ok"
3
}
Copied!
It is also possible to override various client specific settings by returning an array of modifiers:
1
{
2
"result": "ok",
3
"modifiers": {
4
"max_message_size": 65535,
5
"max_inflight_messages": 10000
6
}
7
}
Copied!
Note, the retry_interval is in milli-seconds. It is possible to override many more settings, see the Session Lifecycle for more information.
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!
1
{
2
"result": {
3
"error": "not_allowed"
4
}
5
}
Copied!

on_auth_m5

Header vernemq-hook: on_auth_m5
Webhook example payload:
1
{
2
"username": "username",
3
"mountpoint": "",
4
"client_id": "client-id",
5
"properties": {
6
"p_authentication_data": "QVVUSF9EQVRBMA==",
7
"p_authentication_method": "AUTH_METHOD"
8
}
9
}
Copied!
Note, as the authentication data is binary data it is base64 encoded.
A minimal response indicating the authentication was successful looks like:
1
"modifiers": {
2
"properties": {
3
"p_authentication_data": "QVVUSF9EQVRBMQ==",
4
"p_authentication_method": "AUTH_METHOD"
5
}
6
"reason_code": 0
7
},
8
"result": "ok"
9
}
Copied!
If authentication were to continue for another round a reason code with value 24 (Continue Authentication) should be returned instead. See also the relevant section in the MQTT 5.0 specification.

auth_on_subscribe_m5

Header: vernemq-hook: auth_on_subscribe_m5
Webhook example payload:
1
{
2
"username": "username",
3
"mountpoint": "",
4
"client_id": "client-id",
5
"topics": [
6
{
7
"topic": "test/topic",
8
"qos": 1
9
}
10
],
11
"properties": {}
12
}
Copied!
A minimal response indicating the subscription authorization was successful looks like:
1
{
2
"result": "ok"
3
}
Copied!
Another example where where the topics to subscribe have been rewritten looks like:
1
{
2
"modifiers": {
3
"topics": [
4
{
5
"qos": 2,
6
"topic": "rewritten/topic"
7
},
8
{
9
"qos": 135,
10
"topic": "forbidden/topic"
11
}
12
]
13
},
14
"result": "ok"
15
}
Copied!
Note, the forbidden/topic has been rejected with the qos value of 135 (Not authorized).
Other responses
1
{
2
"result": "next"
3
}
Copied!
1
{
2
"result": {
3
"error": "not_allowed"
4
}
5
}
Copied!

auth_on_publish_m5

Header: vernemq-hook: auth_on_publish_m5
Note, in the example below the payload is not base64 encoded which is not the default.
Webhook example payload:
1
{
2
"username": "username",
3
"mountpoint": "",
4
"client_id": "client-id",
5
"qos": 1,
6
"topic": "some/topic",
7
"payload": "message payload",
8
"retain": false,
9
"properties": {
10
}
11
}
Copied!
A minimal response indicating the publish was authorized looks like:
1
{
2
"result": "ok"
3
}
Copied!
A response where the publish topic has been rewritten:
1
{
2
"modifiers": {
3
"topic": "rewritten/topic"
4
},
5
"result": "ok"
6
}
Copied!
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!
1
{
2
"result": {
3
"error": "not_allowed"
4
}
5
}
Copied!

on_register_m5

Header: vernemq-hook: on_register_m5
Webhook example payload:
1
{
2
"peer_addr": "127.0.0.1",
3
"peer_port": 8888,
4
"mountpoint": "",
5
"client_id": "client-id",
6
"username": "username",
7
"properties": {
8
}
9
}
Copied!
The response should be an empty json object {}.

on_publish_m5

Header: vernemq-hook: on_publish_m5
Note, in the example below the payload is base64 encoded .
Webhook example payload:
1
{
2
"username": "username",
3
"mountpoint": "",
4
"client_id": "client-id",
5
"qos": 1,
6
"topic": "test/topic",
7
"payload": "message payload",
8
"retain": false,
9
"properties": {
10
}
11
}
Copied!
The response should be an empty json object {}.

on_subscribe_m5

Header: vernemq-hook: on_subscribe_m5
Webhook example payload:
1
{
2
"username": "username",
3
"mountpoint": "",
4
"client_id": "client-id",
5
"topics": [
6
{
7
"topic": "test/topic",
8
"qos": 1
9
},
10
{
11
"topic": "test/topic",
12
"qos": 128
13
}
14
],
15
"properties": {
16
}
17
}
Copied!
Note, the qos value of 128 (Unspecified error) means the subscription was rejected.
The response should be an empty json object {}.

on_unsubscribe_m5

Header: vernemq-hook: on_unsubscribe_m5
Webhook example payload:
1
{
2
"username": "username",
3
"mountpoint": "",
4
"client_id": "client-id",
5
"topics": [
6
"test/topic"
7
],
8
"properties": {
9
}
10
}
Copied!
Example response:
1
{
2
"modifiers": {
3
"topics": [
4
"rewritten/topic"
5
]
6
},
7
"result": "ok"
8
}
Copied!
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!

on_deliver_m5

Header: vernemq-hook: on_deliver_m5
Note, in the example below the payload is not base64 encoded which is not the default.
Webhook example payload:
1
{
2
"username": "username",
3
"mountpoint": "",
4
"client_id": "client-id",
5
"topic": "test/topic",
6
"payload": "message payload",
7
"properties": {
8
}
9
}
Copied!
Example response:
1
{
2
"result": "ok"
3
}
Copied!
Other possible responses:
1
{
2
"result": "next"
3
}
Copied!

Example Webhook in Python

Below is a very simple example of an endpoint implemented in Python. It uses the web and json modules and implements handlers for three different hooks: auth_on_register, auth_on_publish and auth_on_subscribe.
The auth_on_register hook only restricts access only to the user with username joe and password secret. The auth_on_subscribe and auth_on_publish hooks allow any subscription or publish to continue as is. These last two hooks are needed as the default policy is deny.
To enable the WebHooks for this example, add the following lines to the vernemq.conf file:
1
plugins.vmq_webhooks = on
2
vmq_webhooks.register.hook = auth_on_register
3
vmq_webhooks.publish.hook = auth_on_publish
4
vmq_webhooks.subscribe.hook = auth_on_subscribe
5
​
6
vmq_webhooks.register.endpoint = http://127.0.0.1:8080/myendpoints
7
vmq_webhooks.publish.endpoint = http://127.0.0.1:8080/myendpoints
8
vmq_webhooks.subscribe.endpoint = http://127.0.0.1:8080/myendpoints
Copied!
1
import web
2
import json
3
​
4
urls = ('/.*', 'hooks')
5
app = web.application(urls, globals())
6
​
7
class hooks:
8
def POST(self):
9
​
10
# fetch hook and request data
11
hook = web.ctx.env.get('HTTP_VERNEMQ_HOOK')
12
data = json.loads(web.data())
13
​
14
# print the hook and request data to the console
15
print
16
print 'hook:', hook
17
print ' data: ', data
18
​
19
# dispatch to appropriate function based on the hook.
20
if hook == 'auth_on_register':
21
return handle_auth_on_register(data)
22
elif hook == 'auth_on_publish':
23
return handle_auth_on_publish(data)
24
elif hook == 'auth_on_subscribe':
25
return handle_auth_on_subscribe(data)
26
else:
27
web.ctx.status = 501
28
return "not implemented"
29
​
30
def handle_auth_on_register(data):
31
# only allow user 'joe' with password 'secret', reject all others.
32
if "joe" == data['username']:
33
if "secret" == data['password']:
34
return json.dumps({'result': 'ok'})
35
​
36
return json.dumps({'result': {'error': 'not allowed'}})
37
​
38
def handle_auth_on_publish(data):
39
# accept all publish requests
40
return json.dumps({'result': 'ok'})
41
​
42
def handle_auth_on_subscribe(data):
43
# accept all subscribe requests
44
return json.dumps({'result': 'ok'})
45
​
46
if __name__ == '__main__':
47
app.run()
Copied!
Plugin Development - Previous
Lua Scripting Support
Next - Misc
Loadtesting VerneMQ
Last modified 16h ago
Export as PDF
Copy link
Edit on GitHub
Contents
Configuring webhooks
HTTPS
Connection pool configuration
Caching
Webhook specs
auth_on_register
auth_on_subscribe
auth_on_publish
on_register
on_publish
on_subscribe
on_unsubscribe
on_deliver
on_offline_message
on_client_wakeup
on_client_offline
on_client_gone
auth_on_register_m5
on_auth_m5
auth_on_subscribe_m5
auth_on_publish_m5
on_register_m5
on_publish_m5
on_subscribe_m5
on_unsubscribe_m5
on_deliver_m5
Example Webhook in Python