Skip to main content
Version: Mosquitto 2.8


The Management Center for Mosquitto REST API (MMC) provides endpoints to return status data and allows active management of the Mosquitto DynSec Plugin and the User Management. Mosquitto administrators can use the REST API to perform automated actions, which would normally be administered via the Management Center.

Authenticate / Login

MMC credentials

In order to use the REST API you first need to authenticate. Note that after a successful login a cookie is created that contains the session id. This cookie needs to be passed to any further request to the API. For example when using the curl command you can use the --cookie-jar option for storing that cookie automatically and the --cookie option for further requests to automatically read that cookie and pass it with the request.

The following command shows how to authenticate using curl. Please replace the <BASE_URL>, <USERNAME> and <PASSWORD> placeholders accordingly:

  • <BASE_URL>: The base URL where the installation of the Management Center is hosted (including the protocol and base path, e.g.,
  • <USERNAME>: The name of the user which has access to the REST API.
  • <PASSWORD>: The password of the user which has access to the REST API.
curl --cookie-jar .cookies \
--request POST <BASE_URL>/auth \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d "username=<USERNAME>&password=<PASSWORD>"

API Token

Besides the approach of using user credentials of the MMC another way of authenticating is the use of API Tokens. These can either be created via the MMC directly or using the REST API and can have different access level.

Add created token to API requests as bearer token for authentication.

Available APIs