Skip to main content
The Authentication API manages authentication and authorization for Realtime SDK connections. Use the auth object to request tokens, authorize connections, and manage client identity.

Auth Object

Access the auth object from your Realtime client instance:

Properties

clientId
string
The client ID string configured for this connection. Returns null if no client ID is set.See identified clients for more information.

Methods

authorize

authorize(tokenParams?, authOptions?): Promise<TokenDetails> Obtain a new token and upgrade the current connection to use it. This method also updates the default tokenParams and authOptions for future token requests.
tokenParams
object
Optional token parameters to use for the token request:
  • ttl (integer): Token time-to-live in milliseconds (default: 60 minutes)
  • capability (string): JSON-encoded capability specification
  • clientId (string): Client ID to associate with the token
  • timestamp (integer): Timestamp for the token request
authOptions
object
Optional authentication options:
  • authUrl (string): URL to request token from
  • authCallback (function): Callback function to obtain token
  • authMethod (string): HTTP method for authUrl (GET or POST)
  • authHeaders (object): HTTP headers for authUrl request
  • authParams (object): Query parameters for authUrl request

Returns

Returns a Promise that resolves with a TokenDetails object containing:
  • token (string): The token string
  • expires (integer): Expiry time in milliseconds since epoch
  • issued (integer): Issue time in milliseconds since epoch
  • capability (string): JSON-encoded capability
  • clientId (string): Client ID associated with token

createTokenRequest

createTokenRequest(tokenParams?, authOptions?): Promise<TokenRequest> Create and sign an Ably TokenRequest for use by other clients. This requires an API key to be configured locally.
tokenParams
object
Same as authorize() method.
authOptions
object
Same as authorize() method.

Returns

Returns a Promise that resolves with a TokenRequest object containing:
  • keyName (string): API key name
  • ttl (integer): Token time-to-live
  • timestamp (integer): Request timestamp
  • capability (string): Capability specification
  • clientId (string): Client ID
  • nonce (string): Random nonce
  • mac (string): HMAC signature

requestToken

requestToken(tokenParams?, authOptions?): Promise<TokenDetails> Request an Ably Token from the Ably service. This method issues a new token request to Ably and returns the token.
tokenParams
object
Same as authorize() method.
authOptions
object
Same as authorize() method.

Returns

Returns a Promise that resolves with a TokenDetails object (same as authorize()).

revokeTokens

revokeTokens(specifiers): Promise<void> Revoke one or more tokens. This is useful for logging out users or revoking compromised tokens.
specifiers
array
required
Array of token specifier objects:
  • type (string): Specifier type (token or clientId)
  • value (string): Token string or client ID to revoke

Authentication Strategies

Basic Authentication

Use your API key directly (server-side only):

Token Authentication

Use tokens for enhanced security (client-side):

Auth Callback

Provide a callback function to obtain tokens:

Build docs developers (and LLMs) love

Get started for freeTalk to us