MQTT · raw signed bytes · verify on subscriber

A signed live-data feed on your MQTT broker.

Most IoT fleets speak MQTT, not HTTP. This bridge polls Dynamic Feed and republishes the exact raw, Ed25519-signed bytes onto dynamicfeed/ topics — so any MQTT subscriber can re-canonicalize and verify the signature itself before acting on the value.

The call

Keyless. One tool per /v1/batch call so each published payload is independently verifiable; the bridge publishes the unmodified signed bytes (DF_PUBLISH_RAW=true, the default).

# pip install paho-mqtt requests pynacl, then point at your broker + pick tools:
export MQTT_HOST=broker.example.com
export DF_TOOLS='current_weather:{"city":"Sydney"},air_quality:{"city":"Sydney"},grid_carbon'
export DF_INTERVAL_SEC=300
python bridge.py        # publishes RAW signed bytes to dynamicfeed/ (one tool per batch)

# On any subscriber — re-canonicalize + verify the Ed25519 signature per message:
python verify_subscriber.py
# [verify] OK  dynamicfeed/air_quality: VALID (key df-ed25519-4cb32e72f333)

Sample response

# Topic: dynamicfeed/air_quality   (retained, QoS 1)   payload = the exact signed bytes:
{"count":1,"results":[{"tool":"air_quality","ok":true,"data":{"us_aqi":44,
  "pm2_5":7.2,"provenance":{"source":"Open-Meteo Air Quality",
  "measured_at":"2026-06-14T05:00:00+00:00","age_seconds":722}}}],
 "signature":{"alg":"Ed25519","key_id":"df-ed25519-4cb32e72f333",
  "canonicalization":"json-sorted-compact","sig":"..."}}

Why live data

MQTT is the dominant IoT pub/sub protocol, so a verifiable data layer for devices has to meet them on the broker. The bridge calls POST /v1/batch one tool per request — because the response is signed per batch, a single-call batch produces a payload a subscriber can verify on its own — and publishes the exact raw response bytes to dynamicfeed/. It must not re-pretty-print or mutate the JSON or the signature breaks. An included verify_subscriber.py reproduces the json-sorted-compact canonicalization byte-for-byte, strips the signature field, re-serializes sorted/compact, and checks the detached Ed25519 signature against the published key; a live response verified VALID and a one-field tamper was correctly rejected. Every call has a hard timeout and one bad cycle is logged and skipped (never-hang). A VALID result proves the payload was not altered in transit since we signed it — it is not proof the value is correct, and it is evidence, not a safety guarantee; your device stack owns every decision.

Use it for

Feed MQTT-native devices signed weather, air-quality, grid & GPS data without HTTP
Verify each message on the subscriber before a controller acts on it
Retain the last value so a late-joining subscriber gets it immediately
Anchor a hash of your own device reading alongside the read path (hashes only)

Get a free API key ↗ See it live ↗ API docs ↗

FAQ

Why one tool per MQTT message?

Because the API signs per batch. A single-call batch produces a payload a subscriber can verify standalone. The bridge publishes the exact raw signed bytes — it must not re-format the JSON, or the signature would no longer verify.

Can a device verify the signature itself?

Yes on ESP32 / Raspberry-Pi-class devices (micro-ed25519 libraries, or a gateway that verifies before fanning out). It is not suitable for an 8-bit Arduino Uno — verify at a capable gateway and trust the local segment, or anchor instead. The included verify_subscriber.py is the reference verifier.

Is it keyless?

Yes. The bridge polls keyless tools with no key, signup or wallet. Keep DF_PUBLISH_RAW=true (the default) so subscribers can verify; false drops the signature for a smaller unsigned summary that cannot be verified.

Related live feeds

Node-RED live-data node Verifiable data for IoT devices Sign IoT sensor data All use cases →