QuickBlox API can be accessed either with session token or with API key.
{API_KEY}
with the actual API key value.
{USER_ID}
with the unique identifier of the QuickBlox user.
Security Considerations
To maintain the security and integrity of the API key, follow these best practices:
/session.json
endpoint. Once a token is received, it becomes a part of each request and is placed within its header.
There are two types of tokens: application session token and user session token. The application session token is limited to read-only permissions preventing changes to application data while the user session token is not restricted in permissions and allows for making edits to application data.
Session Token Type | Description |
---|---|
Application session token | This kind of access token is needed to read the app data. Has only READ access to resources. The expiration time after the last Server API request is 2 hours. |
User session token | The user token is the most commonly used type of token. This kind of access token is needed any time the app calls a Server API to read, modify or write a specific user’s data on their behalf. Has READ/WRITE access to resources. The expiration time after the last Server API request is 2 hours. |
Required session does not exist
. In this case, you have to recreate a session token.parameter=value
pairs that should be sorted alphabetically by their text value and separated by the &
character. Use the parameters of the create session request to form the string.&
symbol.parameter=value
pairs. For example: application_id=716730&auth_key=bbfeCwWtz8dqF4F&nonce=33432×tamp=1572434294