CloudEvents
itCloud native tools and technologies
CloudEvents
CloudEvents is a vendor-neutral specification for describing event data in a common way. It gives producers, consumers, and intermediaries a shared envelope for an event's identity and context.
The specification solves a translation problem. Event platforms often describe the same ideas with different field names and layouts. A consumer then needs custom parsing for every source. CloudEvents defines a small information model and rules for carrying it through formats and protocols.
CloudEvents does not replace your event broker, message protocol, or payload schema. It standardizes the description of an event while leaving those choices to your system.
The mental model: a labeled package
Think of a CloudEvent as a package with a standard shipping label.
CloudEvent
├── context attributes standard labels about the event
│ ├── identity id + source
│ ├── interpretation specversion + type
│ └── useful detail subject, time, content type, schema, extensions
└── data domain-specific payload about the occurrence
The context attributes let infrastructure inspect, route, log, and filter an event without understanding its domain-specific data. The data carries the business or technical details that the consumer needs.
An event records a fact about an occurrence. It does not name a routing destination. A message transports that event from a source toward a consumer. This distinction keeps the event description separate from the delivery mechanism.
Follow the event roles
CloudEvents defines vocabulary for the parts of an event flow:
occurrence -> source -> producer -> message -> intermediary -> consumer
- An occurrence is something noteworthy that happens, such as an object being created.
- A source is the context in which the occurrence happened.
- A producer creates the CloudEvent data structure. It can act for a source that does not emit CloudEvents itself.
- An intermediary forwards a message and may inspect its context.
- A consumer receives the event and acts on it.
One occurrence can produce more than one event. A source can also contain several producer instances. Those producers must coordinate the event identity rules.
Read the four required attributes first
Every CloudEvent has four required context attributes.
| Attribute | Meaning | Design question |
|---|---|---|
id | Identifies the event within its source | How will retries preserve identity? |
source | Identifies the context where the occurrence happened | What stable scope owns the event identity? |
specversion | Identifies the CloudEvents specification version | Can the receiver interpret this envelope? |
type | Describes the kind of event | What stable value will consumers route and code against? |
The combination of source and id must be unique for each distinct event. A producer may reuse the same pair when it resends a duplicate. A consumer may therefore use the pair as a duplicate-detection key.
For the stable 1.0.2 specification, specversion remains 1.0. Patch releases do not change that serialized value.
The producer defines the syntax and meaning of type. The specification recommends a reverse-DNS prefix, such as com.example.order.created, to reduce naming collisions.
Add optional context with purpose
The core specification defines four optional attributes.
| Attribute | Meaning |
|---|---|
datacontenttype | Media type of data |
dataschema | URI identifying the schema followed by data |
subject | Subject of the event within the source context |
time | Time when the occurrence happened, represented as an RFC 3339 timestamp |
Use subject when source identifies a broad scope and a consumer needs a finer target. A storage container could be the source while one object path is the subject.
Keep routing metadata in context only when generic infrastructure needs it. Keep domain detail in data. This separation prevents the envelope from becoming a second payload.
Extension attributes add context outside the core set. They use the same CloudEvents type system and travel through bindings like core attributes. An extension has no meaning unless its definition or your system contract supplies one. Prefer documented extensions when they match your need, and keep custom attributes minimal.
See a structured JSON event
The JSON event format places context attributes and data in one JSON object:
{
"specversion": "1.0",
"id": "evt-123",
"source": "/orders",
"type": "com.example.order.created",
"subject": "orders/42",
"time": "2026-07-15T09:00:00Z",
"datacontenttype": "application/json",
"data": {
"orderId": "42",
"total": 129.00
}
}
This is a structured-mode representation. For JSON structured mode, the message content type is application/cloudevents+json.
The JSON format also defines data_base64 for binary data that cannot be represented directly as JSON. An event cannot use both data and data_base64.
Separate format, binding, and content mode
Three layers answer different questions.
- The core specification defines the event information model.
- An event format serializes the whole event, such as the JSON format.
- A protocol binding maps an event onto a transport message, such as HTTP.
A content mode describes where the attributes and data appear in a message.
structured mode
message metadata: event format media type
message body: attributes + data in one event format
binary mode
message metadata: CloudEvents attributes
message body: event data
In HTTP binary mode, CloudEvents attributes become HTTP headers with the ce- prefix. The event data stays in the HTTP body. The HTTP Content-Type header represents datacontenttype.
POST /events HTTP/1.1
Host: events.example.com
ce-specversion: 1.0
ce-id: evt-123
ce-source: /orders
ce-type: com.example.order.created
Content-Type: application/json
{"orderId":"42","total":129.00}
Structured mode makes the event self-contained in one known format. Binary mode can add CloudEvents context to an existing payload without wrapping that payload. Choose a mode that every component on the path supports. Do not assume an intermediary preserves an encoding unless its contract says so.
Design stable event contracts
CloudEvents gives you common attribute names, not a complete event contract. Your producer and consumers still need agreement on:
- the meaning and lifecycle of each
type; - the scope and stability of
source; - the schema and compatibility rules for
data; - the meaning of
subjectand any extension attributes; - accepted formats, protocol bindings, and content modes;
- size limits, security controls, and failure behavior.
Treat type as a consumer-facing contract. The primer recommends changing it for a backward-incompatible data change. dataschema can identify the payload schema and help tools diagnose compatibility, but it does not make the payload compatible by itself.
Use an official SDK when one fits your language. SDKs can represent, validate, serialize, and deserialize CloudEvents. They reduce mapping mistakes, but they cannot choose good event semantics for you.
Plan for delivery reality
CloudEvents describes events; it does not define a processing model. Your transport or platform determines delivery, ordering, acknowledgement, retry, and batching behavior.
The source and id pair supports duplicate detection, but CloudEvents does not create exactly-once processing. A consumer still needs an idempotency strategy when duplicate delivery is possible.
An intermediary may route using context without decoding data. This is useful, but it makes context broadly visible. The specification warns against putting sensitive information in context attributes because intermediaries may inspect and log them.
CloudEvents also does not define authorization, confidentiality, or data integrity mechanisms. Use protocol security and application security controls. Encrypt sensitive event data when the system contract requires it.
Know when CloudEvents fits
CloudEvents is useful when events cross product, team, platform, or cloud boundaries. It also helps when generic infrastructure must handle events from many sources. Shared context supports common routing, observability, adapters, and SDKs.
It adds less value inside one narrow boundary where every producer and consumer already share a stable private contract. Even there, adopting it may prepare an event for later integration. That benefit must outweigh the added envelope and compatibility work.
Do not use CloudEvents as a substitute for domain modeling. A well-formed event with a vague type and unstable data remains a poor contract. Do not use it as proof of reliable delivery. A valid envelope can still be lost, duplicated, delayed, or processed incorrectly.
A practical learning path
- Learn the event, message, source, producer, intermediary, and consumer vocabulary.
- Memorize the four required context attributes and their invariants.
- Compare structured and binary content modes over HTTP.
- Design stable
source,type,subject, and payload-schema conventions. - Use an official SDK to validate and map events in your language.
- Test the exact formats and bindings used by every component in the route.
- Add idempotency, security, observability, and schema-evolution practices around the envelope.
- Study CloudEvents SQL, subscriptions, and documented extensions only when your use case requires them.
