Cloud Service

Soracom Beam

Protocol conversion and TLS offloading service that forwards device traffic securely to any cloud endpoint.

Send lightweight device data to the cloud without handling encryption yourself

Forward device traffic securely without adding cost or complexity to firmware

Soracom Beam lets devices send simple HTTP, TCP, UDP, or MQTT traffic to a Soracom endpoint, while Beam handles encryption, authentication, and protocol conversion in the cloud. Acting as a secure proxy, Beam upgrades lightweight device traffic to HTTPS or MQTTS, injects required API keys or headers, and formats payloads for your cloud services—so devices send fewer bytes, use less power, and keep firmware simple, while your applications still receive fully authenticated, encrypted data.

Image showing how Beam's proxy service works

Why use Soracom Beam for your project?

Lighten your device code

Replace heavy TLS stacks with simple HTTP, UDP, or MQTT device logic.

Protect your credentials

Store API keys and certs securely in the cloud, not on the device.

Adapt easily

Change cloud endpoints without updating deployed firmware.

How it works

Image showing how Soracom Beam works

Offload TLS and protocol conversion

Beam converts lightweight device traffic—HTTP, TCP, UDP, or MQTT—into secure HTTPS or MQTTS. This removes the need for devices to maintain expensive TLS stacks, reducing code complexity, bandwidth usage, and modem airtime.

Image showing how Soracom Beam works.

Inject cloud credentials securely in the cloud

Instead of embedding API keys or certificates on the device, Beam injects credentials inside the Soracom platform before forwarding traffic. This improves security and makes it easy to rotate keys or change endpoints without firmware updates.

Image showing data being routed to select endpoints

Route to any cloud service or custom endpoint

Beam can forward data to any HTTPS or MQTTS destination, including AWS IoT Core, Google Cloud IoT Core, Azure IoT Hub, custom APIs, proxies, databases, or message brokers. You control routing per device group through the Soracom Console or API.

Evaluate Soracom Beam today

Explore configuration examples, protocol conversion patterns, security best practices, and sample code in the developer docs, or start testing with a small fleet today.

What you’d build without Soracom Beam

Add full TLS stacks to device firmware
Devices must implement HTTPS or MQTTS natively, increasing memory demands, power consumption, and code complexity.

Embed and rotate cloud credentials on every device
API keys and certificates must be securely stored and updated in-field, adding risk and operational burden for large fleets.

Operate your own proxy or relay server
You’d need to build, deploy, secure, and maintain a custom gateway to convert device traffic before forwarding to cloud analytics or storage.

Architecture and implementation

Soracom Beam sits between devices and cloud endpoints, acting as a lightweight protocol proxy. Devices send basic HTTP, TCP, UDP, or MQTT traffic to a Soracom endpoint. Beam then adds encryption, injects API keys or certificates, optionally performs protocol conversion, and forwards the data to your chosen cloud destination. It’s ideal for reducing device-side complexity, improving battery life, and enabling secure data ingestion without managing edge-side credentials.
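The trust boundary described above, as an added conceptual model (not Soracom's code or API): a proxy that rewrites a device's clear-text HTTP request, drops any device-supplied copy of a header it injects, and adds TLS on the upstream leg. `GroupConfig`, the header names, hosts and the secret are hypothetical placeholders.

```python
import socket
import ssl
from dataclasses import dataclass, field

@dataclass
class GroupConfig:
    """Hypothetical per-group settings held in the cloud, never on the device."""
    dest_host: str
    dest_port: int = 443
    inject_headers: dict = field(default_factory=dict)

PROXY_OWNED = {"host", "connection", "proxy-authorization"}  # always set by the proxy

def build_upstream_request(raw: bytes, cfg: GroupConfig) -> bytes:
    """Rewrite a device's plain HTTP/1.1 request into the one sent upstream."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("iso-8859-1").split("\r\n")
    if any("\r" in ln or "\n" in ln for ln in lines):
        raise ValueError("bare CR/LF in request head")
    method, target, version = lines[0].split(" ")
    if not target.startswith("/"):
        raise ValueError("only origin-form targets are forwarded")
    owned = PROXY_OWNED | {k.lower() for k in cfg.inject_headers}
    kept = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        if name.lower() not in owned:  # device cannot override injected secrets
            kept.append((name, value.strip()))
    headers = [("Host", cfg.dest_host)] + kept + list(cfg.inject_headers.items())
    out = f"{method} {target} {version}\r\n"
    out += "".join(f"{k}: {v}\r\n" for k, v in headers) + "\r\n"
    return out.encode("iso-8859-1") + body

def forward(raw: bytes, cfg: GroupConfig) -> bytes:
    req = build_upstream_request(raw, cfg)
    ctx = ssl.create_default_context()  # TLS added proxy-side; verifies cert and hostname
    with socket.create_connection((cfg.dest_host, cfg.dest_port), timeout=10) as s:
        with ctx.wrap_socket(s, server_hostname=cfg.dest_host) as tls:
            tls.sendall(req)
            return tls.recv(4096)

# Constructed sample: clear-text request a device might send, with a spoofed key.
SAMPLE = (b"POST /ingest HTTP/1.1\r\nHost: proxy.example\r\nContent-Length: 11\r\n"
          b"X-Api-Key: device-guess\r\n\r\n{\"t\": 21.5}")
CONFIG = GroupConfig("api.example.com", 443, {"X-Api-Key": "PLACEHOLDER-SECRET"})
```

`build_upstream_request(SAMPLE, CONFIG)` can be inspected offline; `forward` needs a reachable HTTPS destination.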

Image showing the architecture of Soracom Beam
Image showing the ability to transform protocols with Beam
Step 1

Enable Soracom Beam and select the protocol you want to offload

Open the Soracom User Console and navigate to the SIM group where you want to enable protocol conversion or TLS offloading.

Enable Soracom Beam in the group settings and choose the protocol you want Beam to handle—such as HTTP → HTTPS, MQTT → MQTTS, or TCP → TLS.

Beam lets devices send simple, lightweight traffic to Soracom while Beam performs secure encryption, certificate handling, and protocol translation on their behalf.

Setup steps are available in the Soracom Beam documentation.

Image of data being routed to select endpoints
Step 2

Point your devices to the Beam endpoint using simple, unencrypted protocols

Update your device to send data to the Soracom Beam endpoint for your selected protocol.

Devices can communicate using plain HTTP, MQTT, or TCP without storing certificates or performing TLS handshakes, reducing memory, CPU, and firmware complexity.

Beam translates and secures the traffic before forwarding it to your cloud service, ensuring encryption without device-side overhead.

Image of data securely heading to determined endpoints
Step 3

Configure Beam to deliver your data securely to cloud or application endpoints

In the SIM group settings, specify the destination host, port, and security settings for your cloud platform or application server.

Beam will securely deliver your translated traffic to AWS IoT, Azure IoT Hub, Google Cloud, or any HTTPS/TLS-enabled backend—using preconfigured credentials stored in Soracom.

You can monitor delivery results and adjust routing or security settings without updating device firmware.

Destination configuration examples are listed in the Beam configuration guide.

How Soracom Beam works with other Soracom services

Use Beam + Funnel for built-in cloud adapters
Beam handles protocol conversion and encryption, while Funnel uses preconfigured adapters for AWS, Azure, or Google Cloud ingestion.

Use Beam + Canal or Door for private networking
Route upgraded HTTPS/MQTTS traffic through Canal’s private VPC peering or Door’s Site-to-Site VPN for full private paths to cloud systems.

Use Beam + Harvest/Lagoon for diagnostics
Mirror or transform data for quick inspection in Harvest and visualize trends in Lagoon alongside your cloud analytics pipeline.

Simplify secure IoT data delivery with Soracom Beam

Create a free Soracom account, connect a test device, and use Beam to forward traffic securely to any cloud endpoint—no TLS stack or credential management required.

Frequently Asked Questions

What is Soracom Beam?
Beam is a secure proxy service that converts lightweight device traffic into encrypted HTTPS or MQTTS requests before forwarding them to cloud endpoints.

Does Beam reduce device power usage?
Yes. Devices avoid establishing TLS sessions, significantly reducing transmission time and improving battery life.

Which protocols does Beam support?
Beam supports HTTP, HTTPS, TCP, UDP, MQTT, and MQTTS, as incoming or outgoing protocols depending on configuration.

Does Beam support bi-directional traffic?
Beam primarily handles outbound device-to-cloud data. For two-way traffic, pair Beam with Soracom Gate or Canal.

How is Beam different from Funnel?
Beam is general-purpose and supports any HTTP/MQTTS destination, while Funnel provides built-in adapters for specific cloud services.

Can Beam inject API keys or certificates?
Yes. Credentials are stored securely in the Soracom platform and added in the cloud, not on the device.

Can I change routing without updating firmware?
Yes. You can update Beam settings at the SIM-group level in the console and all devices inherit the new behavior.

Is Beam suitable for low-power or constrained devices?
Absolutely—Beam is designed specifically to reduce device-side compute, memory, and power requirements.