Broker Listener - Create Or Update
Create a BrokerListenerResource
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.IoTOperations/instances/{instanceName}/brokers/{brokerName}/listeners/{listenerName}?api-version=2025-10-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
broker
|
path | True |
string minLength: 3maxLength: 63 pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$ |
Name of broker. |
|
instance
|
path | True |
string minLength: 3maxLength: 63 pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$ |
Name of instance. |
|
listener
|
path | True |
string minLength: 3maxLength: 63 pattern: ^[a-z0-9][a-z0-9-]*[a-z0-9]$ |
Name of Instance broker listener resource |
|
resource
|
path | True |
string minLength: 1maxLength: 90 |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string (uuid) |
The ID of the target subscription. The value must be an UUID. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Request Body
| Name | Type | Description |
|---|---|---|
| extendedLocation |
Edge location of the resource. |
|
| properties |
The resource-specific properties for this resource. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Resource 'BrokerListenerResource' update operation succeeded |
|
| 201 Created |
Resource 'BrokerListenerResource' create operation succeeded Headers
|
|
| Other Status Codes |
An unexpected error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
|
Broker |
|
Broker |
|
Broker |
BrokerListener_CreateOrUpdate
Sample request
PUT https://management.azure.com/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123?api-version=2025-10-01
{
"properties": {
"serviceName": "tpfiszlapdpxktx",
"ports": [
{
"authenticationRef": "tjvdroaqqy",
"authorizationRef": "inxhvxnwswyrvt",
"nodePort": 7281,
"port": 1268,
"protocol": "Mqtt",
"tls": {
"mode": "Automatic",
"certManagerCertificateSpec": {
"duration": "qmpeffoksron",
"secretName": "oagi",
"renewBefore": "hutno",
"issuerRef": {
"group": "jtmuladdkpasfpoyvewekmiy",
"kind": "Issuer",
"name": "ocwoqpgucvjrsuudtjhb"
},
"privateKey": {
"algorithm": "Ec256",
"rotationPolicy": "Always"
},
"san": {
"dns": [
"xhvmhrrhgfsapocjeebqtnzarlj"
],
"ip": [
"zbgugfzcgsmegevzktsnibyuyp"
]
}
},
"manual": {
"secretRef": "secret-name"
}
}
}
],
"serviceType": "ClusterIp"
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
}
}
Sample response
{
"properties": {
"serviceName": "tpfiszlapdpxktx",
"ports": [
{
"authenticationRef": "tjvdroaqqy",
"authorizationRef": "inxhvxnwswyrvt",
"nodePort": 7281,
"port": 1268,
"protocol": "Mqtt",
"tls": {
"mode": "Automatic",
"certManagerCertificateSpec": {
"duration": "qmpeffoksron",
"secretName": "oagi",
"renewBefore": "hutno",
"issuerRef": {
"group": "jtmuladdkpasfpoyvewekmiy",
"kind": "Issuer",
"name": "ocwoqpgucvjrsuudtjhb"
},
"privateKey": {
"algorithm": "Ec256",
"rotationPolicy": "Always"
},
"san": {
"dns": [
"xhvmhrrhgfsapocjeebqtnzarlj"
],
"ip": [
"zbgugfzcgsmegevzktsnibyuyp"
]
}
},
"manual": {
"secretRef": "secret-name"
}
}
}
],
"serviceType": "ClusterIp",
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
},
"id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123",
"name": "hoqjaachratt",
"type": "Microsoft.IoTOperations/instances/brokers/listeners",
"systemData": {
"createdBy": "contosouser",
"createdByType": "User",
"createdAt": "2024-08-09T18:13:29.389Z",
"lastModifiedBy": "contosouser",
"lastModifiedByType": "User",
"lastModifiedAt": "2024-08-09T18:13:29.389Z"
}
}Azure-AsyncOperation: https://contoso.com/operationstatus{
"properties": {
"serviceName": "tpfiszlapdpxktx",
"ports": [
{
"authenticationRef": "tjvdroaqqy",
"authorizationRef": "inxhvxnwswyrvt",
"nodePort": 7281,
"port": 1268,
"protocol": "Mqtt",
"tls": {
"mode": "Automatic",
"certManagerCertificateSpec": {
"duration": "qmpeffoksron",
"secretName": "oagi",
"renewBefore": "hutno",
"issuerRef": {
"group": "jtmuladdkpasfpoyvewekmiy",
"kind": "Issuer",
"name": "ocwoqpgucvjrsuudtjhb"
},
"privateKey": {
"algorithm": "Ec256",
"rotationPolicy": "Always"
},
"san": {
"dns": [
"xhvmhrrhgfsapocjeebqtnzarlj"
],
"ip": [
"zbgugfzcgsmegevzktsnibyuyp"
]
}
},
"manual": {
"secretRef": "secret-name"
}
}
}
],
"serviceType": "ClusterIp",
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
},
"id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123",
"name": "hoqjaachratt",
"type": "Microsoft.IoTOperations/instances/brokers/listeners",
"systemData": {
"createdBy": "contosouser",
"createdByType": "User",
"createdAt": "2024-08-09T18:13:29.389Z",
"lastModifiedBy": "contosouser",
"lastModifiedByType": "User",
"lastModifiedAt": "2024-08-09T18:13:29.389Z"
}
}BrokerListener_CreateOrUpdate_Complex
Sample request
PUT https://management.azure.com/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123?api-version=2025-10-01
{
"properties": {
"serviceType": "LoadBalancer",
"ports": [
{
"port": 8080,
"authenticationRef": "example-authentication",
"protocol": "WebSockets"
},
{
"port": 8443,
"authenticationRef": "example-authentication",
"protocol": "WebSockets",
"tls": {
"mode": "Automatic",
"certManagerCertificateSpec": {
"issuerRef": {
"group": "jtmuladdkpasfpoyvewekmiy",
"name": "example-issuer",
"kind": "Issuer"
}
}
}
},
{
"port": 1883,
"authenticationRef": "example-authentication"
},
{
"port": 8883,
"authenticationRef": "example-authentication",
"tls": {
"mode": "Manual",
"manual": {
"secretRef": "example-secret"
}
}
}
]
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
}
}
Sample response
{
"properties": {
"serviceName": "tpfiszlapdpxktx",
"serviceType": "LoadBalancer",
"ports": [
{
"port": 8080,
"authenticationRef": "example-authentication",
"protocol": "WebSockets"
},
{
"port": 8443,
"authenticationRef": "example-authentication",
"protocol": "WebSockets",
"tls": {
"mode": "Automatic",
"certManagerCertificateSpec": {
"issuerRef": {
"group": "jtmuladdkpasfpoyvewekmiy",
"name": "example-issuer",
"kind": "Issuer"
}
}
}
},
{
"port": 1883,
"authenticationRef": "example-authentication"
},
{
"port": 8883,
"authenticationRef": "example-authentication",
"tls": {
"mode": "Manual",
"manual": {
"secretRef": "example-secret"
}
}
}
],
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
},
"id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123",
"name": "hoqjaachratt",
"type": "Microsoft.IoTOperations/instances/brokers/listeners",
"systemData": {
"createdBy": "contosouser",
"createdByType": "User",
"createdAt": "2024-08-09T18:13:29.389Z",
"lastModifiedBy": "contosouser",
"lastModifiedByType": "User",
"lastModifiedAt": "2024-08-09T18:13:29.389Z"
}
}Azure-AsyncOperation: https://contoso.com/operationstatus{
"properties": {
"serviceName": "tpfiszlapdpxktx",
"serviceType": "LoadBalancer",
"ports": [
{
"port": 8080,
"authenticationRef": "example-authentication",
"protocol": "WebSockets"
},
{
"port": 8443,
"authenticationRef": "example-authentication",
"protocol": "WebSockets",
"tls": {
"mode": "Automatic",
"certManagerCertificateSpec": {
"issuerRef": {
"group": "jtmuladdkpasfpoyvewekmiy",
"name": "example-issuer",
"kind": "Issuer"
}
}
}
},
{
"port": 1883,
"authenticationRef": "example-authentication"
},
{
"port": 8883,
"authenticationRef": "example-authentication",
"tls": {
"mode": "Manual",
"manual": {
"secretRef": "example-secret"
}
}
}
],
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
},
"id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123",
"name": "hoqjaachratt",
"type": "Microsoft.IoTOperations/instances/brokers/listeners",
"systemData": {
"createdBy": "contosouser",
"createdByType": "User",
"createdAt": "2024-08-09T18:13:29.389Z",
"lastModifiedBy": "contosouser",
"lastModifiedByType": "User",
"lastModifiedAt": "2024-08-09T18:13:29.389Z"
}
}BrokerListener_CreateOrUpdate_Simple
Sample request
PUT https://management.azure.com/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123?api-version=2025-10-01
{
"properties": {
"ports": [
{
"port": 1883
}
]
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
}
}
Sample response
{
"properties": {
"serviceName": "tpfiszlapdpxktx",
"serviceType": "LoadBalancer",
"ports": [
{
"port": 1883
}
],
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
},
"id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123",
"name": "hoqjaachratt",
"type": "Microsoft.IoTOperations/instances/brokers/listeners",
"systemData": {
"createdBy": "contosouser",
"createdByType": "User",
"createdAt": "2024-08-09T18:13:29.389Z",
"lastModifiedBy": "contosouser",
"lastModifiedByType": "User",
"lastModifiedAt": "2024-08-09T18:13:29.389Z"
}
}Azure-AsyncOperation: https://contoso.com/operationstatus{
"properties": {
"serviceName": "tpfiszlapdpxktx",
"serviceType": "LoadBalancer",
"ports": [
{
"port": 1883
}
],
"provisioningState": "Succeeded"
},
"extendedLocation": {
"name": "/subscriptions/F8C729F9-DF9C-4743-848F-96EE433D8E53/resourceGroups/rgiotoperations/providers/Microsoft.ExtendedLocation/customLocations/resource-123",
"type": "CustomLocation"
},
"id": "/subscriptions/0000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup123/providers/Microsoft.IoTOperations/instances/resource-name123/brokers/resource-name123/listeners/resource-name123",
"name": "hoqjaachratt",
"type": "Microsoft.IoTOperations/instances/brokers/listeners",
"systemData": {
"createdBy": "contosouser",
"createdByType": "User",
"createdAt": "2024-08-09T18:13:29.389Z",
"lastModifiedBy": "contosouser",
"lastModifiedByType": "User",
"lastModifiedAt": "2024-08-09T18:13:29.389Z"
}
}Definitions
| Name | Description |
|---|---|
|
Broker |
Defines a Broker listener. A listener is a collection of ports on which the broker accepts connections from clients. |
|
Broker |
Instance broker resource |
|
Broker |
Broker Protocol types |
|
Cert |
Automatic TLS server certificate management with cert-manager |
|
Cert |
CertManagerIssuerKind properties |
|
Cert |
Cert-Manager issuerRef properties |
|
Cert |
Cert Manager private key properties |
|
created |
The type of identity that created the resource. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
Extended |
Extended location is an extension of Azure locations. They provide a way to use their Azure ARC enabled Kubernetes clusters as target locations for deploying Azure services instances. |
|
Extended |
The enum defining type of ExtendedLocation accepted. |
|
Listener |
Defines a TCP port on which a |
|
Private |
Private key algorithm types. |
|
Private |
Private key rotation policy. |
|
Provisioning |
The enum defining status of resource. |
|
Resource |
The health state of the resource. |
|
San |
Subject Alternative Names (SANs) for certificate. |
|
Service |
Kubernetes Service Types supported by Listener |
|
system |
Metadata pertaining to creation and last modification of the resource. |
|
Tls |
Collection of different TLS types, NOTE- Enum at a time only one of them needs to be supported |
|
Tls |
Broker Authentication Mode |
|
X509Manual |
X509 Certificate Authentication properties. |
BrokerListenerProperties
Defines a Broker listener. A listener is a collection of ports on which the broker accepts connections from clients.
| Name | Type | Default value | Description |
|---|---|---|---|
| healthState | Unknown |
The health state of the resource. |
|
| ports |
Ports on which this listener accepts client connections. |
||
| provisioningState |
The status of the last operation. |
||
| serviceName |
string |
Kubernetes Service name of this listener. |
|
| serviceType | ClusterIp |
Kubernetes Service type of this listener. |
BrokerListenerResource
Instance broker resource
| Name | Type | Description |
|---|---|---|
| extendedLocation |
Edge location of the resource. |
|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties |
The resource-specific properties for this resource. |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
BrokerProtocolType
Broker Protocol types
| Value | Description |
|---|---|
| Mqtt |
protocol broker |
| WebSockets |
protocol websocket |
CertManagerCertificateSpec
Automatic TLS server certificate management with cert-manager
| Name | Type | Description |
|---|---|---|
| duration |
string |
Lifetime of certificate. Must be specified using a Go time.Duration format (h|m|s). E.g. 240h for 240 hours and 45m for 45 minutes. |
| issuerRef |
cert-manager issuerRef. |
|
| privateKey |
Type of certificate private key. |
|
| renewBefore |
string |
When to begin renewing certificate. Must be specified using a Go time.Duration format (h|m|s). E.g. 240h for 240 hours and 45m for 45 minutes. |
| san |
Additional Subject Alternative Names (SANs) to include in the certificate. |
|
| secretName |
string |
Secret for storing server certificate. Any existing data will be overwritten. This is a reference to the secret through an identifying name, not the secret itself. |
CertManagerIssuerKind
CertManagerIssuerKind properties
| Value | Description |
|---|---|
| Issuer |
Issuer kind. |
| ClusterIssuer |
ClusterIssuer kind. |
CertManagerIssuerRef
Cert-Manager issuerRef properties
| Name | Type | Default value | Description |
|---|---|---|---|
| group |
string |
cert-manager.io |
group of issuer. |
| kind |
kind of issuer (Issuer or ClusterIssuer). |
||
| name |
string |
name of issuer. |
CertManagerPrivateKey
Cert Manager private key properties
| Name | Type | Description |
|---|---|---|
| algorithm |
algorithm for private key. |
|
| rotationPolicy |
cert-manager private key rotationPolicy. |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
ExtendedLocation
Extended location is an extension of Azure locations. They provide a way to use their Azure ARC enabled Kubernetes clusters as target locations for deploying Azure services instances.
| Name | Type | Description |
|---|---|---|
| name |
string |
The name of the extended location. |
| type |
Type of ExtendedLocation. |
ExtendedLocationType
The enum defining type of ExtendedLocation accepted.
| Value | Description |
|---|---|
| CustomLocation |
CustomLocation type |
ListenerPort
Defines a TCP port on which a BrokerListener listens.
| Name | Type | Default value | Description |
|---|---|---|---|
| authenticationRef |
string |
Reference to client authentication settings. Omit to disable authentication. |
|
| authorizationRef |
string |
Reference to client authorization settings. Omit to disable authorization. |
|
| nodePort |
integer (int32) minimum: 0maximum: 65535 |
Kubernetes node port. Only relevant when this port is associated with a |
|
| port |
integer (int32) minimum: 0maximum: 65535 |
TCP port for accepting client connections. |
|
| protocol | Mqtt |
Protocol to use for client connections. |
|
| tls |
TLS server certificate settings for this port. Omit to disable TLS. |
PrivateKeyAlgorithm
Private key algorithm types.
| Value | Description |
|---|---|
| Ec256 |
Algorithm - ec256. |
| Ec384 |
Algorithm - ec384. |
| Ec521 |
Algorithm - ec521. |
| Ed25519 |
Algorithm - ed25519. |
| Rsa2048 |
Algorithm - rsa2048. |
| Rsa4096 |
Algorithm - rsa4096. |
| Rsa8192 |
Algorithm - rsa8192. |
PrivateKeyRotationPolicy
Private key rotation policy.
| Value | Description |
|---|---|
| Always |
Rotation Policy - Always. |
| Never |
Rotation Policy - Never. |
ProvisioningState
The enum defining status of resource.
| Value | Description |
|---|---|
| Succeeded |
Resource has been created. |
| Failed |
Resource creation failed. |
| Canceled |
Resource creation was canceled. |
| Provisioning |
Resource is getting provisioned. |
| Updating |
Resource is Updating. |
| Deleting |
Resource is Deleting. |
| Accepted |
Resource has been Accepted. |
ResourceHealthState
The health state of the resource.
| Value | Description |
|---|---|
| Available |
Resource is Available and functioning as expected. |
| Degraded |
Resource health is degraded. |
| Unavailable |
Resource is not functioning as expected. |
| Unknown |
Resource state is unknown. |
SanForCert
Subject Alternative Names (SANs) for certificate.
| Name | Type | Default value | Description |
|---|---|---|---|
| dns |
string[] |
[] |
DNS SANs. |
| ip |
string[] |
[] |
IP address SANs. |
ServiceType
Kubernetes Service Types supported by Listener
| Value | Description |
|---|---|
| ClusterIp |
Cluster IP Service. |
| LoadBalancer |
Load Balancer Service. |
| NodePort |
Node Port Service. |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |
TlsCertMethod
Collection of different TLS types, NOTE- Enum at a time only one of them needs to be supported
| Name | Type | Description |
|---|---|---|
| certManagerCertificateSpec |
Option 1 - Automatic TLS server certificate management with cert-manager. |
|
| manual |
Option 2 - Manual TLS server certificate management through a defined secret. |
|
| mode |
Mode of TLS server certificate management. |
TlsCertMethodMode
Broker Authentication Mode
| Value | Description |
|---|---|
| Automatic |
Automatic TLS server certificate configuration. |
| Manual |
Manual TLS server certificate configuration. |
X509ManualCertificate
X509 Certificate Authentication properties.
| Name | Type | Description |
|---|---|---|
| secretRef |
string |
Kubernetes secret containing an X.509 client certificate. This is a reference to the secret through an identifying name, not the secret itself. |