Kafka Reachability

kaazing.io needs to be able to connect to your Kafka broker.

In order to stream data from your Kafka broker, kaazing.io will need to connect to it. Today, your Kafka broker needs to be accessible directly from the internet. If your Kafka broker is behind a firewall, then you will need to open an inbound port to allow access. Coming soon, we’ll support connecting to your Kafka broker residing behind a firewall without the need to open a port.

Kafka Protocol

When configuring kaazing.io with connection details to your Kafka broker, you must specify one of the following protocols:

  • Plaintext
  • SSL
  • SSL + client certificate

You choose the protocol when adding a new app in kaazing.io:

Choosing a protocol

A summary of each of the supported protocols is given below. For a more detailed explanation, and how to configure your Kafka broker appropriately, see the Kafka Encryption and Authentication with SSL documentation.


Choose this option for communication with Kafka in the clear.


Although TLS has superseded by SSL, Kafka documentation and configuration refers to SSL for historical reasons. For consistency with Kafka, kaazing.io will also refer to encryption as SSL.

With this option, communication with Kafka will be encrypted.

The server certificate used by your Kafka must be signed by a public CA (Certificate Authority) so that kaazing.io will trust it.

Self-signed server certificates and server certificates signed by a custom CA are not supported.

SSL + Client Certificate

This configuration is like SSL, above, but in addition to that, is for Kafka brokers that require a client certificate for authorization.

If you select this option, you’ll be given a pubic certificate from the signer of the client certificate. The public certificate will need to be added to the truststore of your Kafka broker.