Authenticate

POST/api/public/auth/socket

Obtain a JWT token for establishing a WebSocket connection. The token grants access to your personal channels based on your account.

Request Headers

ParameterTypeDescription

X-AUTH-TOKENrequiredstringYour API key Content-Typestringapplication/json

Request Body

No request body is required for standard authentication. The server automatically assigns channels based on your user account.

bash

curl -X POST https://exportcomments.com/api/public/auth/socket \
  -H "X-AUTH-TOKEN: your-api-key"

Response200

json

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."
}

Token Details

Property	Value
Format	JWT (JSON Web Token)
TTL	24 hours (authenticated users)
Algorithm	HS256

The token includes your user UUID as the subject and pre-authorizes subscription to your personal channels:

user:{uuid}
exports:{uuid}
webhooks:{uuid}
user_notifications_channel:{uuid}
user_dashboard_channel:{uuid}

Token Refresh

The Centrifuge client SDK handles token refresh automatically. When you provide a getToken callback, the SDK calls it whenever the token expires or the connection needs re-authentication.

javascript

const client = new Centrifuge('wss://exportcomments.com/connection/websocket', {
  getToken: async () => {
    // This is called automatically when the token expires
    const res = await fetch('https://exportcomments.com/api/public/auth/socket', {
      method: 'POST',
      headers: { 'X-AUTH-TOKEN': 'your-api-key' },
    });
    const data = await res.json();
    return data.token;
  },
});

💡

No manual refresh needed

You do not need to implement token refresh logic yourself. The getToken callback is invoked by the SDK whenever a new token is required, including on initial connection and after token expiration.