MicrosoftDocs
diff --git a/‎articles/event-grid/authenticate-with-namespaces-using-webhook-authentication.md
Lines changed: 3 additions & 5 deletions b/‎articles/event-grid/authenticate-with-namespaces-using-webhook-authentication.md
Lines changed: 3 additions & 5 deletions
diff --git a/‎articles/event-grid/includes/limits.md
Lines changed: 13 additions & 0 deletions b/‎articles/event-grid/includes/limits.md
Lines changed: 13 additions & 0 deletions
diff --git a/‎articles/event-grid/mqtt-how-to-http-publish.md
Lines changed: 188 additions & 0 deletions b/‎articles/event-grid/mqtt-how-to-http-publish.md
Lines changed: 188 additions & 0 deletions
diff --git a/‎articles/event-grid/mqtt-http-publish.md
Lines changed: 138 additions & 0 deletions b/‎articles/event-grid/mqtt-http-publish.md
Lines changed: 138 additions & 0 deletions
@@ -4,20 +4,18 @@ description: This article shows you how to authenticate with Azure Event Grid na
 ms.topic: how-to
 ms.custom:
   - build-2025
-ms.date: 04/30/2025
+ms.date: 07/30/2025
 author: Connected-Seth
 ms.author: seshanmugam
 ---
 
-# Authenticate with MQTT broker using custom webhook authentication (Preview)
+# Authenticate with MQTT broker using custom webhook authentication
 This article shows how to authenticate with Azure Event Grid namespace using webhook or Azure function. 
 
 Webhook authentication allows external HTTP endpoints (webhooks or functions) to authenticate MQTT connections dynamically. This method uses Microsoft Entra ID JWT validation to ensure secure access.  
 
 When a client attempts to connect, the broker invokes a user-defined HTTP endpoint that validates credentials such SAS tokens, usernames/passwords, or even performs Certificate Revocation List (CRL) checks. The webhook evaluates the request and returns a decision to allow or deny the connection, along with optional metadata for fine-grained authorization. This approach supports flexible and centralized authentication policies across diverse device fleets and use cases. 
 
-> [!NOTE]
-> This feature is currently in preview. 
 
 ## Prerequisites 
 
@@ -203,7 +201,7 @@ Content-Type: application/json
 | expiration                | Expiration date in Unix time format. (Optional when Decision is set to allow) |
 | errorReason               | Error message if decision is set to deny. This error is logged. (Optional when Decision is set to deny) |
 
-### Examples of supported attribute types: 
+### Examples of supported attribute types 
 
 ```json
 "num_attr_pos": 1, 
 
@@ -48,6 +48,16 @@ The following limits apply to MQTT in Azure Event Grid namespace resource.
 | Inbound MQTT bandwidth per session        | 1 MB per second                                                                   |
 | Inbound in-flight MQTT messages*        | 1000 messages                                                                   |
 | Inbound in-flight MQTT bandwidth*         | 64 KB                                                             |
+| Inbound HTTP publishing requests per Event Grid namespace | 500 messages per second per TU |
+| Inbound HTTP bandwidth per Event Grid namespace           | 512 KB per second per TU       |
+| Inbound HTTP publishing requests per session              | 500 messages per second        |
+| Inbound HTTP bandwidth per session                        | 512 KB per second              |
+| Inbound in-flight HTTP messages*                          | 500 messages                   |
+| Maximum Retain Message Size**                               | 64 KB                          |
+| Maximum Retain Messages per Throughput Unit (TU)          | 10,000 messages or 640 MB (whichever is reached first) |
+| Total Retain Storage per TU                               | 640 MB                         |
+| Retain Message Expiry (MQTT 3.1.1)                        | 365 days (default)             |
+| Retain Message Expiry (MQTT 5.0)                          | Configurable using Message Expiry Interval, range: 0 to 31,536,000 seconds (365 days) |
 | Outbound MQTT publishing requests per Event Grid namespace | 1,000 messages per second per TU                                                         |
 | Outbound MQTT bandwidth per Event Grid namespace        | 1 MB per second per TU                                                            |
 | Outbound MQTT publishing requests per session| 100 messages per second                                                           |
@@ -79,8 +89,11 @@ The following limits apply to MQTT in Azure Event Grid namespace resource.
 | Topic templates                              | 10 per topic space                                                                |
 | Permission bindings                          | 100                                                                               |
 
+
 \* For MQTTv5, learn more about [flow control support](../mqtt-support.md#flow-control).
 
+\** Retain messages count against the total MQTT storage quota for the namespace. When the quota is reached, publishing new retain messages will fail until existing messages are expired or deleted (e.g., via empty payload publish).
+
 ## Events limits in Event Grid namespace
 
 The following limits apply to events in Azure Event Grid namespace resource.
 
@@ -0,0 +1,188 @@
+---
+title: How to Publish MQTT Messages via HTTP with Azure Event Grid
+description: Explains how to publish MQTT messages via HTTP with Azure Event Grid for scalable server-to-device communication. Learn how to use the HTTP Publish API effectively.
+#customer intent: As a backend developer, I want to publish MQTT messages via HTTP so that I can integrate with Azure Event Grid without maintaining persistent MQTT sessions.  
+author: spelluru
+contributors: null
+ms.topic: how-to
+ms.date: 07/30/2025
+ms.author: spelluru
+ms.reviewer: spelluru
+ms.custom:
+  - ai-gen-docs-bap
+  - ai-gen-title
+  - ai-seo-date:07/30/2025
+  - ai-gen-description
+---
+
+# How to Publish MQTT Messages via HTTP with Azure Event Grid (preview)
+Azure Event Grid now supports publishing MQTT messages via HTTP, enabling backend systems to send messages to devices without maintaining persistent MQTT connections. This approach simplifies integration for applications that prefer stateless communication, uses secure authentication with Entra ID, and provides scalable, reliable delivery to MQTT clients. In this article, you learn how to use the HTTP Publish API, obtain the necessary credentials, and verify message delivery using popular tools like Bruno, and MQTTX.
+
+> [!NOTE]
+> This feature is currently in preview. 
+
+This article explains how to publish MQTT messages via HTTP with Azure Event Grid. 
+
+## Get your connection details
+
+- Namespace fully qualified domain name (FQDN). Example: `contoso.westus3-1.ts.eventgrid.azure.net`.
+- Topic. Example: `devices/CXa-23112/prompt`.
+- Entra ID client credentials.
+
+## Get a bearer token
+Run the following Azure CLI command to get a bearer token. 
+
+```bash
+az account get-access-token --resource=https://<namespaceFQDN> --query accessToken -o tsv
+```
+
+Save this token to use in the `Authorization: Bearer <TOKEN>` header. 
+
+## Publish messages using HTTP
+
+### [Curl](#tab/curl)
+
+Here’s an example cURL command to simulate the HTTP Publish. 
+
+```http
+curl -X POST "https://contoso.westus3-1.ts.eventgrid.azure.net/mqtt/messages?topic=devices%2XXXX-0000%2Fprompt&api-version=2025-08-01-preview" \ 
+  -H "Authorization: Bearer <ENTRA_TOKEN_HERE>" \ 
+  -H "mqtt-qos: 1" \ 
+  -H "mqtt-retain: 0" \ 
+  -H "mqtt-response-topic: devices%2XXXX-00000%2Freply" \ 
+  -H "mqtt-correlation-data: XXXXXXX" \ 
+  -H "mqtt-user-properties: XXXXXXXXXXXX" \ 
+  -H "Content-Type: text/plain;charset=UTF-8" \ 
+  --data-raw "Please accept terms of licensing and agreement" 
+```
+
+In this sample command:
+
+- Topic is percent-encoded. 
+- Add optional headers for QoS, retain flag, response topic, user properties. 
+- Payload goes in the request body. 
+
+### [Bruno](#tab/brno)
+
+### Import to Bruno
+1. Open Bruno.
+1. Select **Import Collection**, and then select `EventGrid_HTTP_Publish_Postman_Collection.json`. Here's the content for the JSON file:
+
+    ```json
+    {
+      "info": {
+        "name": "Event Grid MQTT Broker - HTTP Publish",
+        "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+      },
+      "item": [
+        {
+          "name": "HTTP Publish to MQTT Broker",
+          "request": {
+            "method": "POST",
+            "header": [
+              {
+                "key": "Authorization",
+                "value": "Bearer {{entra_token}}"
+              },
+              {
+                "key": "mqtt-qos",
+                "value": "1"
+              },
+              {
+                "key": "mqtt-retain",
+                "value": "0"
+              },
+              {
+                "key": "mqtt-response-topic",
+                "value": "devices%2FCXa-23112%2Freply"
+              },
+              {
+                "key": "mqtt-correlation-data",
+                "value": "PlXCscK2wrbCuy8="
+              },
+              {
+                "key": "mqtt-user-properties",
+                "value": "[{\"Urgency\":\"alert\"},{\"RequestId\":\"55f4a7ee-b0b4-4d7f-8eb5-2edba2ced5d7\"}]"
+              },
+              {
+                "key": "Content-Type",
+                "value": "text/plain;charset=UTF-8"
+              }
+            ],
+            "url": {
+              "raw": "https://{{namespace}}/mqtt/messages?topic={{topic}}&api-version=2025-08-01-preview",
+              "host": [
+                "{{namespace}}"
+              ],
+              "path": [
+                "mqtt",
+                "messages"
+              ],
+              "query": [
+                {
+                  "key": "topic",
+                  "value": "{{topic}}"
+                },
+                {
+                  "key": "api-version",
+                  "value": "2025-02-15-preview"
+                }
+              ]
+            },
+            "body": {
+              "mode": "raw",
+              "raw": "Please accept terms of licensing and agreement"
+            }
+          }
+        }
+      ],
+      "variable": [
+        {
+          "key": "namespace",
+          "value": "contoso.westus3-1.ts.eventgrid.azure.net"
+        },
+        {
+          "key": "topic",
+          "value": "devices/CXa-23112/prompt"
+        },
+        {
+          "key": "entra_token",
+          "value": "<ENTRA_TOKEN_HERE>"
+        }
+      ]
+    }
+    ```    
+1. Go to **Variables** tab:
+   - Replace `{{namespace}}` with your namespace FQDN.
+   - Replace `{{topic}}` with your MQTT topic.
+   - Replace `{{entra_token}}` with your token from Step 2.
+1. Select **Send**. You should get 202 or 204.
+
+---
+
+## Verify in MQTTX
+Use MQTTX or any MQTT library (like paho-mqtt Python) to subscribe to the same topic to confirm delivery. 
+
+1. Create a new connection in MQTTX:
+    - `Host: contoso.westus3-1.ts.eventgrid.azure.net`
+    - `Port: 8883 (TLS)`
+    - `Client ID: same as your Entra Object ID` 
+    - `Username/Password: N/A — use certificate or token auth if configured`   
+1. Subscribe to the topic you used in the HTTP POST command.
+1. Run the **HTTP Publish** and watch for the message in MQTTX. You should see your payload appear.
+
+If the publish **succeeds**, you see: 
+
+- **HTTP Response**: 204 No Content or 202 Accepted (depending on routing rules). 
+- MQTT client sees the message instantly. 
+
+## Troubleshoot
+
+- **401 Unauthorized?** — If the token is missing or expired: You get 401 Unauthorized. Refresh your token.
+- **403 Forbidden?** — If the topic is invalid or you don’t have rights: 403 Forbidden. Check your topic or permissions.
+- **500 Internal Server Error** - If routing fails internally, check metrics and diagnostic Logs for your Event Grid namespace. 
+- **Message doesn’t appear?** — Ensure topic is percent-encoded in the URL, check broker routing config, and verify you’re using the same namespace.
+
+
+## Related content
+For an overview of this feature, see [HTTP Publish of MQTT messages with Azure Event Grid](mqtt-http-publish.md).
@@ -0,0 +1,138 @@
+---
+title: HTTP Publish of MQTT messages with Azure Event Grid
+description: Publish MQTT messages via HTTP with Azure Event Grid for scalable server-to-device communication. Learn how to use the HTTP Publish API effectively.
+#customer intent: As a backend developer, I want to publish MQTT messages via HTTP so that I can integrate with Azure Event Grid without maintaining persistent MQTT sessions.  
+author: spelluru
+contributors: null
+ms.topic: concept-article
+ms.date: 07/30/2025
+ms.author: spelluru
+ms.reviewer: spelluru
+ms.custom:
+  - ai-gen-docs-bap
+  - ai-gen-title
+  - ai-seo-date:07/30/2025
+  - ai-gen-description
+---
+
+# HTTP Publish of MQTT messages with Azure Event Grid (preview)
+
+The Azure Event Grid MQTT Broker HTTP Publish API empowers customers to publish MQTT messages using standard HTTP requests. This complements direct MQTT client connections, providing a simple and scalable option for server-side systems that prefer HTTP for server-to-device command-and-control, updates, or retained message management.
+
+> [!NOTE]
+> This feature is currently in preview. 
+
+Key benefits:
+
+- Allows backend services to send MQTT messages without keeping persistent MQTT sessions open.
+- Helps protect broker stability by limiting per-client MQTT sessions.
+- Ensures consistent message processing for both MQTT and HTTP-originated messages.
+
+## When to Use HTTP Publish
+
+Consider HTTP Publish when:
+
+- Your backend services are HTTP-native and need to send device commands or updates over MQTT.
+- You want to manage retained messages without opening an MQTT connection.
+- You need to scale up publish capacity without exhausting session limits.
+
+## How It Works
+
+1. HTTP clients issue an HTTP POST request with MQTT publish details.
+1. Event Grid maps HTTP request parts to standard MQTT PUBLISH packet properties.
+1. Messages flow through the Event Grid routing and enrichment pipeline, ensuring delivery guarantees and applying any enrichment or transformation.
+
+## Example: MQTT publish equivalent
+
+```http
+PUBLISH Topic Name: devices/CXa-23112/prompt  
+QoS: 1  
+RETAIN: 0  
+Response Topic: devices/CXa-23112/reply  
+Correlation Data: >U±¶¶»/  
+User Property: Urgency = alert  
+User Property: RequestId = 55f4a7ee-b0b4-4d7f-8eb5-2edba2ced5d7  
+Payload: Please accept terms of licensing and agreement
+```
+
+## Example: HTTP publish request
+
+```http
+POST /mqtt/messages?topic=devices%2FCXa-23112%2Fprompt&api-version=2025-02-15-preview HTTP/1.1  
+Host: nsname.westus3-1.ts.eventgrid.azure.net  
+Authorization: Bearer <ENTRA_TOKEN_HERE>  
+mqtt-qos: 1  
+mqtt-retain: 0  
+mqtt-response-topic: devices%2FCXa-23112%2Freply  
+mqtt-correlation-data: PlXCscK2wrbCuy8=  
+mqtt-user-properties: W3siVXJnZW5jeSI6ImFsZXJ0In0seyJSZXF1ZXN0SWQiOiI1NWY0YTdlZS1iMGI0LTRkN2YtOGViNS0yZWRiYTJjZWQ1ZDcifV0=  
+Content-Type: text/plain;charset=UTF-8  
+Date: Sun, 06 Nov 1994 08:49:37 GMT  
+Content-Length: 46  
+
+Please accept terms of licensing and agreement
+```
+
+
+
+## Request parameters
+
+This table describes how HTTP request parts map to MQTT PUBLISH packet properties. Refer to the original documentation for full details.
+
+| **MQTT PUBLISH Part**    | **Type/Values**        | **Location**                               | **Required**       | **Description**                |
+|--------------------------|------------------------|--------------------------------------------|--------------------|--------------------------------|
+| Topic name               | Percent-encoded string | Query `topic`                              | Yes                | MQTT topic to publish to.      |
+| QoS                      | 0 or 1                 | Query `qos` or header `mqtt-qos`           | No [default = 1]   | Quality of Service level.      |
+| RETAIN flag              | 0 or 1                 | Query `retain` or header `mqtt-retain`     | No [default = 0]   | Whether to retain the message. |
+| Response Topic           | Percent-encoded string | Header `mqtt-response-topic`               | No                 | Response topic if needed.      |
+| Correlation Data         | Base64 string          | Header `mqtt-correlation-data`             | No                 | Extra data for tracking.       |
+| User Properties          | Base64 JSON Array      | Header `mqtt-user-properties`              | No                 | Custom user properties.        |
+| Content Type             | String                 | Header `content-type`                      | No                 | Payload type.                  |
+| Message Expiry Interval  | Unsigned integer       | Header `mqtt-message-expiry`               | No                 | Retention period in seconds.   |
+| Payload Format Indicator | 0 or 1                 | Header `mqtt-payload-format-indicator`     | No [default = 0]   | Format indicator.              |
+| Payload                  | bytes                  | HTTP body                                  | No                 | Message body.                  |
+
+**Notes:**
+
+- Query parameter values override header values if both are present.
+- Percent-encoding is required for topic and response topic.
+- Correlation Data must be base64-encoded.
+
+## High-level steps for using HTTP Publish
+
+- Step 1: Prepare your Entra ID bearer token for authentication.
+- Step 2: Construct your HTTP POST request to your Event Grid MQTT broker endpoint.
+- Step 3: Include required query parameters like topic.
+- Step 4: Add optional headers for QoS, RETAIN, response topics, user properties, etc.
+- Step 5: Add your payload as the HTTP body.
+- Step 6: Send the request.
+- Step 7: Confirm delivery via logs and metrics in the Event Grid portal.
+
+## Authentication & authorization
+
+- HTTP Publish uses Microsoft Entra ID for authentication.
+- Add a Bearer token to the Authorization header.
+- The Microsoft Entra Object ID becomes the MQTT clientId.
+- The AuthN/AuthZ model aligns with standard MQTT connections.
+
+## Routing and observability
+
+- Metrics and logs include:
+  - Protocol: http-publish
+  - Request ID
+  - Topic
+  - Source IP
+  - Auth principal
+
+## Best practices
+
+- Use lowercase header keys where possible. HTTP/2 header keys are case-insensitive.
+- Monitor throughput — HTTP messages tend to be larger than direct MQTT messages.
+- HTTP Publish shares throughput limits with direct MQTT publishes.
+
+## Throttling
+
+Be aware that HTTP Publish counts towards your overall MQTT throughput quota. Monitor your usage to avoid exceeding limits.
+
+## Next step
+See [How to publish MQTT messages using HTTP with Azure Event Grid](mqtt-how-to-http-publish.md).