Is it possible to use the RESTful Sendbird API from the client instead of the SDK?
If so, can I use my user’s auth token in the header?
I’d like to get the unread counts from the API instead of the SDK (i.e. websocket).
Hello @Simon_Reggiani,
It’s possible, but WE NEVER RECOMMEND that the client holds the API Token or something to access the Platform API.
To access the Platform API with the API token and to be the administrator are completely identical. The Platform API can do everything including removing any channels, any messages, and any users.
If the client has the API token, someone might be able to steal it by disassembling or reverse engineering. This is extremely dangerous.
Please keep your client and data secure.
Thanks Jed.
We’re already using an access token for each user in the client SDK as per: https://docs.sendbird.com/javascript/authentication
Wouldn’t that access token work with the Platform API?
Is the concern that using a RESTful API, this token would be more easily sniffed than with the client SDK using a websocket?
I mean, if the API Token is included in the source code and hardcoded, it can be stolen easily. If the token is the master API token, there is no way to revoke it.
The SDK uses an access token only for establishing a session for each user. Since then, as long as the session is valid, the access token is never used. It can’t be used for the Platform API. The session can access the data for each user or the user-related resource only. However, the API Token allows to access everything. It’s too risky.
Why do you want to use the Platform API to get the unread counts, even though the SDK provides it? Can you share your use-case?
I have an app with chat screen.
As this is not the main feature of the app, I’m only connecting the SDK when the screen is opened and disconnecting when the screen is closed.
But I also need to get the unread counts in a previous screen. So I’m connecting, getting each channel, getting their unread count, and disconnecting. The issue is that the user can also access the chat screen while that unread flow is done in the background which leads to race conditions errors where the disconnect of the unread count flow is done while connecting in the chat screen to retrieve messages.
I would like to avoid to connect to the websocket prior to the chat screen and so using a REST API for that would be better.
I don’t understand what the unread flow is and which issue the opened connection makes. Do you worry that the opened connection sets the unread count to zero?
Sorry that was not very clear.
In the app, I have a screen that shows current chats.
The list of chats comes from my backend, not Sendbird. But it doesn’t include the number of unread messages for each chat.
To get that info, in that screen, I connect to the SDK, get each channel, grab their unread count and disconnect.
When a user clicks on one of the current chats, I open the chat screen when I connect to the SDK, get the channel, load messages, listen for new messages using the handler and disconnect as soon as the user exits that screen, disconnect from the SDK.
From error reports I see in Sentry, it seems that the connection lost between the connect() and the loadMessages (i.e. createPreviousMessageListQuery()). I’m wondering if it’s because the previous hasn’t had a chance to disconnect the SDK in the background and just did in between connect() and loadMessages().
As far as I understand, you store the channels in your server and load them from your server without using the Sendbird’ Platform API. If so, I think the unread count for each channel on your UI may have a consistency issue. The channel that the user didn’t enter will show an inaccurate unread count. Let me know if there is anything that I misunderstand.
Is there any specific reason that you don’t use GroupChannelListQuery to retrieve the channel list? I think the query provides what you want.
