Nataly MusilahSuperMQ CoAP Adapter
SuperMQ CoAP adapter provides an CoAP API for sending messages through the platform.
Configuration
The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.
| Variable | Description | Default |
|---|---|---|
SMQ_COAP_ADAPTER_LOG_LEVEL |
Log level for the CoAP Adapter (debug, info, warn, error) |
info |
SMQ_COAP_ADAPTER_HOST |
CoAP service listening host | "" |
SMQ_COAP_ADAPTER_PORT |
CoAP service listening port | 5683 |
SMQ_COAP_ADAPTER_SERVER_CERT |
Path to the PEM-encoded CoAP server certificate | "" |
SMQ_COAP_ADAPTER_SERVER_KEY |
Path to the PEM-encoded CoAP server key | "" |
SMQ_COAP_ADAPTER_HTTP_HOST |
Service HTTP listening host | "" |
SMQ_COAP_ADAPTER_HTTP_PORT |
Service HTTP listening port | 5683 |
SMQ_COAP_ADAPTER_HTTP_SERVER_CERT |
Path to the PEM-encoded HTTP server certificate | "" |
SMQ_COAP_ADAPTER_HTTP_SERVER_KEY |
Path to the PEM-encoded HTTP server key | "" |
SMQ_COAP_ADAPTER_CACHE_NUM_COUNTERS |
Number of cache counters that track topic parsing frequency | 200000 |
SMQ_COAP_ADAPTER_CACHE_MAX_COST |
Maximum cache size (bytes) | 1048576 |
SMQ_COAP_ADAPTER_CACHE_BUFFER_ITEMS |
Number of cache Get buffer items |
64 |
SMQ_CLIENTS_GRPC_URL |
Clients service Auth gRPC URL | localhost:7000 |
SMQ_CLIENTS_GRPC_TIMEOUT |
Clients service Auth gRPC request timeout | 1s |
SMQ_CLIENTS_GRPC_CLIENT_CERT |
Path to the PEM-encoded clients service Auth gRPC client certificate file | "" |
SMQ_CLIENTS_GRPC_CLIENT_KEY |
Path to the PEM-encoded clients service Auth gRPC client key file | "" |
SMQ_CLIENTS_GRPC_SERVER_CERTS |
Path to the PEM-encoded clients server Auth gRPC trusted CA certificate file | "" |
SMQ_MESSAGE_BROKER_URL |
Message broker instance URL | amqp://guest:guest@rabbitmq:5672/ |
SMQ_JAEGER_URL |
Jaeger server URL | http://localhost:4318/v1/traces |
SMQ_JAEGER_TRACE_RATIO |
Jaeger sampling ratio | 1.0 |
SMQ_SEND_TELEMETRY |
Send telemetry to SuperMQ call-home server | true |
SMQ_COAP_ADAPTER_INSTANCE_ID |
CoAP adapter instance ID | "" |
Deployment
The service itself is distributed as Docker container. Check the coap-adapter service section in docker-compose file to see how service is deployed.
Running this service outside of container requires working instance of the message broker service, clients service and Jaeger server. To start the service outside of the container, execute the following shell script:
# download the latest version of the service
git clone https://github.com/absmach/supermq
cd supermq
# compile the http
make coap
# copy binary to bin
make install
# set the environment variables and run the service
SMQ_COAP_ADAPTER_LOG_LEVEL=info \
SMQ_COAP_ADAPTER_HOST=localhost \
SMQ_COAP_ADAPTER_PORT=5683 \
SMQ_COAP_ADAPTER_SERVER_CERT="" \
SMQ_COAP_ADAPTER_SERVER_KEY="" \
SMQ_COAP_ADAPTER_HTTP_HOST=localhost \
SMQ_COAP_ADAPTER_HTTP_PORT=5683 \
SMQ_COAP_ADAPTER_HTTP_SERVER_CERT="" \
SMQ_COAP_ADAPTER_HTTP_SERVER_KEY="" \
SMQ_COAP_ADAPTER_CACHE_NUM_COUNTERS=200000 \
SMQ_COAP_ADAPTER_CACHE_MAX_COST=1048576 \
SMQ_COAP_ADAPTER_CACHE_BUFFER_ITEMS=64 \
SMQ_CLIENTS_GRPC_URL=localhost:7000 \
SMQ_CLIENTS_GRPC_TIMEOUT=1s \
SMQ_CLIENTS_GRPC_CLIENT_CERT="" \
SMQ_CLIENTS_GRPC_CLIENT_KEY="" \
SMQ_CLIENTS_GRPC_SERVER_CERTS="" \
SMQ_MESSAGE_BROKER_URL=amqp://guest:guest@rabbitmq:5672/ \
SMQ_JAEGER_URL=http://localhost:14268/api/traces \
SMQ_JAEGER_TRACE_RATIO=1.0 \
SMQ_SEND_TELEMETRY=true \
SMQ_COAP_ADAPTER_INSTANCE_ID="" \
$GOBIN/supermq-coap
Setting SMQ_COAP_ADAPTER_SERVER_CERT and SMQ_COAP_ADAPTER_SERVER_KEY will enable TLS against the service. The service expects a file in PEM format for both the certificate and the key. Setting SMQ_COAP_ADAPTER_HTTP_SERVER_CERT and SMQ_COAP_ADAPTER_HTTP_SERVER_KEY will enable TLS against the service. The service expects a file in PEM format for both the certificate and the key.
Setting SMQ_CLIENTS_GRPC_CLIENT_CERT and SMQ_CLIENTS_GRPC_CLIENT_KEY will enable TLS against the clients service. The service expects a file in PEM format for both the certificate and the key. Setting SMQ_CLIENTS_GRPC_SERVER_CERTS will enable TLS against the clients service trusting only those CAs that are provided. The service expects a file in PEM format of trusted CAs.
Usage
If CoAP adapter is running locally (on default 5683 port), a valid URL would be: coap://localhost/m/<domain_id>/c/<channel_id>/<subtopic>?auth=<client_auth_key>.
Since CoAP protocol does not support Authorization header (option) and options have limited size, in order to send CoAP messages, valid auth value (a valid Client key) must be present in Uri-Query option.
Best Practices
-
Use distinct client auth keys and rotate them frequently for better security.
-
Use meaningful channel IDs and subtopics so you know exactly where your messages go.
-
Leverage metadata/tags in channels and clients (via clients service) to filter and manage messaging paths.
-
Ensure the auth query parameter is not exposed publicly (use secure networks or DTLS if available).
-
Monitor message broker load and usage patterns — CoAP traffic can burst.
-
Use the /health endpoint (if exposed) to monitor service status and integrate with your observability stack.
Versioning and Health Check
If the service exposes a /health endpoint, you can use it for monitoring and version readiness checks.
curl -X GET coap://localhost/health \
-H "accept: application/health+json"
The expected response is:
{
"status": "pass",
"version": "0.xx.x",
"commit": "<commit‑hash>",
"description": "coap‑adapter service",
"build_time": "YYYY‑MM‑DDT…"
}
CLI
SuperMQ provides a CoAP CLI for testing and interacting with the CoAP Adapter. To learn more about this visit the SuperMQ CoAp CLI page.