Can the free public MQTT broker be used in production?

The shared MQTT broker is for testing only. It has no SLA, connections reset regularly, and credentials rotate, so production workloads should run on a dedicated MQTT.pro instance.

How frequently are the public MQTT broker credentials rotated?

Credentials change whenever abuse is detected or maintenance is required. Always review the public broker page before a demo or workshop to confirm the latest username and password.

Is there any rate limiting or connection quota on the public broker?

Yes. We cap concurrent connections per IP, throttle bursts beyond roughly 20 messages per second, and close idle sessions to keep the sandbox responsive for every tester.

Which MQTT features work on the shared sandbox?

QoS 0 and 1 are supported, while QoS 2 traffic may be downgraded during peak times. Large retained messages and persistent sessions are cleared regularly to prevent data leakage between users.

How should I secure devices while using the public broker?

Enable TLS on port 8883, rotate client identifiers, and avoid publishing sensitive payloads. Upgrade to a managed MQTT.pro cluster for private certificates, ACLs, and network isolation.

How do I upgrade from the public MQTT broker to a managed service?

Select a plan on the MQTT.pro pricing page, provision your dedicated broker, and repoint clients to the new host. Our team can help migrate credentials and import TLS material if needed.

What diagnostics are available on paid MQTT.pro plans?

Managed plans unlock detailed connection logs, message tracing, and metrics exports so you can troubleshoot MQTT traffic safely. The public broker only exposes aggregate telemetry to protect other testers.

Free Public MQTT Broker (Test Only)

Spin up client demos, workshops, and protocol experiments without provisioning infrastructure. This shared endpoint is refreshed often, carries no SLA, and any credential can change without notice.

Testing workloads only Credentials rotate Best-effort uptime

Launch a managed MQTT broker

Broker: public.mqtt.pro
TCP Port: 1883
TLS Port: 8883
Username: ajbkvbp/device-test
Password: IEfqJoVbAeCQblDW
ClientID: YourCustomString

These shared credentials are refreshed regularly to protect the sandbox. Expect rate limiting, periodic cleanups, and connection resets if usage affects other testers. Generate a unique client ID per session to prevent disconnects.

Understand the public broker limitations

Design your tests with the sandbox constraints in mind so you can validate quickly and know when it is time to upgrade.

Lightweight throughput

Connections are capped per IP, bursts above 20 messages per second are throttled, and retained messages over 1 KB are pruned. Plan for occasional disconnects while other testers share capacity.

Ephemeral data

Payloads are flushed nightly, sessions are set with clean start, and QoS 2 handshakes may be downgraded. Never send secrets or production telemetry through the community endpoint.

Shared security model

TLS 1.2+ is available on port 8883, but certificates are public. Enforce encryption from your clients, rotate client IDs, and prefer managed plans when you need private CA material.

Connect with popular MQTT clients

Speed up your first publish with copy-paste ready examples for desktop apps, command-line tools, and low-code flows.

MQTTX

Create a new connection, choose TLS, and paste the settings below. Use a unique client ID each time you connect.

{
  "name": "MQTT.pro Sandbox",
  "clientId": "demo-client-1234",
  "host": "public.mqtt.pro",
  "port": 8883,
  "username": "ajbkvbp/device-test",
  "password": "IEfqJoVbAeCQblDW",
  "ssl": true
}

If TLS fails during local debugging, switch to port 1883 temporarily and re-enable encryption before sharing the connection file.

Mosquitto CLI

Test publish and subscribe flows directly from your terminal.

# Subscribe with TLS
mosquitto_sub -h public.mqtt.pro -p 8883 -u "ajbkvbp/device-test" -P "IEfqJoVbAeCQblDW" -t "sandbox/example" -q 1 --capath /etc/ssl/certs

# Publish a message
mosquitto_pub -h public.mqtt.pro -p 8883 -u "ajbkvbp/device-test" -P "IEfqJoVbAeCQblDW" -t "sandbox/example" -q 1 -m "hello from mqtt_pro"

Remove the `--capath` flag if your environment already trusts public certificate authorities.

Node-RED

Use an MQTT In/Out node pair and import the flow template below.

[
  {
    "id": "mqtt-pro-public",
    "type": "mqtt-broker",
    "name": "MQTT.pro Sandbox",
    "broker": "public.mqtt.pro",
    "port": "8883",
    "clientid": "nodered-demo",
    "credentials": {
      "user": "ajbkvbp/device-test",
      "password": "IEfqJoVbAeCQblDW"
    }
  }
]

Enable TLS in the configuration panel or switch to port 1883 while you validate your flow.

Stay in the MQTT.pro ecosystem

Deepen your MQTT skills with detailed guides authored by our engineering team.

Hands-on MQTT tutorial

Follow a step-by-step walkthrough that builds from the public sandbox to production-ready patterns.

Read the guide →

MQTT security checklist

Learn the hardening steps we apply on managed clusters, including TLS mutual auth and auditing.

Review best practices →

MQTT Pro deployment tips

Explore capacity planning, message retention strategies, and growth milestones from our success team.

See how teams scale →

Free public MQTT broker vs managed MQTT broker pricing

Compare the limitations of the free MQTT sandbox with the reliability of our fully managed MQTT broker plans before you launch a production workload.

Comparison between the free public MQTT broker and managed MQTT broker plans.
Feature	Public MQTT Broker (Free)	Managed MQTT Broker Plans
Authentication	Shared credentials rotated periodically and visible to all testers.	Dedicated usernames, fine-grained ACLs, and SSO/SAML availability.
Encryption	Optional TLS; certificates are shared and not hardened with custom CA.	Managed TLS certificates, custom domains, and mutual authentication.
Message throughput	Best effort; traffic can be throttled for noisy neighbors.	Guaranteed quotas with transparent MQTT broker pricing for each tier.
SLA and uptime	No uptime commitment and the host may restart without notice.	99.9%+ uptime backed by service level agreements on Growth and Scale plans.
Support	Community only; no dedicated response channel.	Email, priority ticketing, and engineering escalation for enterprise use.
Recommended use	Quick MQTT tutorials, client demos, protocol experiments.	Production IoT products, telemetry pipelines, messaging backbones.
Cost	Free, no SLA.	Starts at $9/month with 7-day money-back guarantee.

Ready for production? Upgrade to a dedicated MQTT cluster with predictable pricing, private credentials, and compliance-ready logging.

Explore pricing plans

Public MQTT broker FAQ

Answers to the most common questions about the free broker and how to transition to a managed MQTT deployment.

Can I run production traffic on the public broker?

No. The public endpoint is shared by thousands of testers, so credentials rotate, connections reset, and throughput is best effort. Launch a managed MQTT.pro cluster when you need guarantees, private credentials, or compliance coverage.

How often do the public broker credentials change?

Authentication details can change at any time to protect the community from abuse. Bookmark this page and review it before workshops or demos so you always have the latest username and password.

Is there any rate limiting or connection quota?

Yes. We cap simultaneous sessions per IP, throttle bursts above roughly 20 messages per second, and close idle connections after 15 minutes. These safeguards keep the sandbox usable for everyone.

Which MQTT features are supported here?

QoS 0 and 1 are available, with QoS 2 downgraded when the cluster is busy. Retained messages larger than 1 KB are purged nightly, and persistent sessions are reset with clean start to prevent cross-user data leakage.

How do I keep my devices secure while testing?

Always enable TLS on port 8883, rotate client IDs regularly, and avoid publishing secrets or customer data. For deeper security controls such as mutual TLS or VPC peering, upgrade to a dedicated plan.

What is the quickest path to upgrade when I outgrow the free tier?

Pick a plan on the pricing page, provision your managed broker, and update clients to the new host. Our team can help migrate credentials and import TLS material.

Do paid plans include logging and debugging tools?

Managed plans expose granular connection logs, message tracing, and metrics export so your engineers can troubleshoot quickly. The public broker only publishes aggregate telemetry to avoid exposing other testers.

Launch a dedicated MQTT broker with our team

Need a custom quote, migration plan, or proof-of-concept support? Our engineers will help you move from the public sandbox to a production-ready MQTT cluster.