Use Spring Kafka with Azure Event Hubs for Kafka API

This tutorial shows you how to configure a Java-based Spring Cloud Stream Binder to use Azure Event Hubs for Kafka for sending and receiving messages with Azure Event Hubs. For more information, see Use Azure Event Hubs from Apache Kafka applications

In this tutorial, we'll include two authentication methods: Azure Active Directory (Azure AD) authentication and Shared Access Signatures (SAS) authentication. The Passwordless tab shows the Azure AD authentication and the Connection string tab shows the SAS authentication.

Azure AD authentication is a mechanism for connecting to Azure Event Hubs for Kafka using identities defined in Azure AD. With Azure AD authentication, you can manage database user identities and other Microsoft services in a central location, which simplifies permission management.

SAS authentication uses the connection string of your Azure Event Hubs namespace for the delegated access to Event Hubs for Kafka. If you choose to use Shared Access Signatures as credentials, you need to manage the connection string by yourself.



Spring Boot version 2.5 or higher is required to complete the steps in this tutorial.

Prepare credentials

Azure Event Hubs supports using Azure Active Directory (Azure AD) to authorize requests to Event Hubs resources. With Azure AD, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user or an application service principal.

If you want to run this sample locally with Azure AD authentication, be sure your user account has authenticated via Azure Toolkit for IntelliJ, Visual Studio Code Azure Account plugin, or Azure CLI. Also, be sure the account has been granted sufficient permissions.


When using passwordless connections, you need to grant your account access to resources. In Azure Event Hubs, assign the Azure Event Hubs Data Receiver and Azure Event Hubs Data Sender role to the Azure AD account you're currently using. For more information about granting access roles, see Assign Azure roles using the Azure portal and Authorize access to Event Hubs resources using Azure Active Directory.

Send and receive messages from Azure Event Hubs

With an Azure Event hub, you can send and receive messages using Spring Cloud Azure.

To install the Spring Cloud Azure Starter module, add the following dependencies to your pom.xml file:

  • The Spring Cloud Azure Bill of Materials (BOM):



    If you're using Spring Boot 3.x, be sure to set the spring-cloud-azure-dependencies version to 5.5.0. For more information about the spring-cloud-azure-dependencies version, see Which Version of Spring Cloud Azure Should I Use.

  • The Spring Cloud Azure Starter artifact:


Code the application

Use the following steps to configure your application to produce and consume messages using Azure Event Hubs.

  1. Configure the Event hub credentials by adding the following properties to your file.${AZ_EVENTHUBS_NAMESPACE_NAME};supply${AZ_EVENTHUB_NAME}$Default${AZ_EVENTHUB_NAME}


    If you're using version spring-cloud-azure-dependencies:4.3.0, then you should add the property<kafka-binder-name>.environment.spring.main.sources with the value

    Since 4.4.0, this property will be added automatically, so there's no need to add it manually.

    The following table describes the fields in the configuration:

    Field Description Specifies the Azure Event Hubs endpoint. Specifies the input destination event hub, which for this tutorial is the hub you created earlier. Specifies a Consumer Group from Azure Event Hubs, which you can set to $Default in order to use the basic consumer group that was created when you created your Azure Event Hubs instance. Specifies the output destination event hub, which for this tutorial is the same as the input destination.


    If you enable automatic topic creation, be sure to add the configuration item, with the value set to at least 1. For more information, see Spring Cloud Stream Kafka Binder Reference Guide.

  2. Edit the startup class file to show the following content.

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.boot.CommandLineRunner;
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.context.annotation.Bean;
    import org.springframework.messaging.Message;
    import reactor.core.publisher.Flux;
    import reactor.core.publisher.Sinks;
    import java.util.function.Consumer;
    import java.util.function.Supplier;
    public class EventHubKafkaBinderApplication implements CommandLineRunner {
        private static final Logger LOGGER = LoggerFactory.getLogger(EventHubKafkaBinderApplication.class);
        private static final Sinks.Many<Message<String>> many = Sinks.many().unicast().onBackpressureBuffer();
        public static void main(String[] args) {
  , args);
        public Supplier<Flux<Message<String>>> supply() {
            return ()->many.asFlux()
                           .doOnNext(m->"Manually sending message {}", m))
                           .doOnError(t->LOGGER.error("Error encountered", t));
        public Consumer<Message<String>> consume() {
            return message->"New message received: '{}'", message.getPayload());
        public void run(String... args) {
            many.emitNext(new GenericMessage<>("Hello World"), Sinks.EmitFailureHandler.FAIL_FAST);


    In this tutorial, there are no authentication operations in the configurations or the code. However, connecting to Azure services requires authentication. To complete the authentication, you need to use Azure Identity. Spring Cloud Azure uses DefaultAzureCredential, which the Azure Identity library provides to help you get credentials without any code changes.

    DefaultAzureCredential supports multiple authentication methods and determines which method to use at runtime. This approach enables your app to use different authentication methods in different environments (such as local and production environments) without implementing environment-specific code. For more information, see DefaultAzureCredential.

    To complete the authentication in local development environments, you can use Azure CLI, Visual Studio Code, PowerShell, or other methods. For more information, see Azure authentication in Java development environments. To complete the authentication in Azure hosting environments, we recommend using user-assigned managed identity. For more information, see What are managed identities for Azure resources?

  3. Start the application. Messages like the following example will be posted in your application log:

    Kafka version: 3.0.1
    Kafka commitId: 62abe01bee039651
    Kafka startTimeMs: 1622616433956
    New message received: 'Hello World'

Deploy to Azure Spring Apps

Now that you have the Spring Boot application running locally, it's time to move it to production. Azure Spring Apps makes it easy to deploy Spring Boot applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more. To deploy your application to Azure Spring Apps, see Deploy your first application to Azure Spring Apps.

Next steps