To begin with, if you want to send client events, you must establish an authentication endpoint. Typically, this endpoint runs on the server that hosts your application. The JavaScript library expects the authentication endpoint to be located at:
http://yourapp.com/pusher/auth
The implementation of the authentication endpoint will vary depending on the type of server you are using. Most major platforms already have a Pusher server library available.
Although there are workarounds to avoid using an authentication endpoint, it would mean exposing the Pusher app secret key to the client, which poses security risks.
You can refer to an example of an authentication endpoint suitable for Google App Engine here.
Further insights into the functionality of the authentication endpoint:
It accepts POST requests containing the following keys:
socket_id, channel_id
The Pusher JavaScript library initiates a POST request like this:
example.com:80 POST /pusher/auth?socket_id=123456789&channel_id=private-channel
The response from the authentication endpoint is in JSON format and appears as follows:
{"auth": "987654321:1234567890abcdef1234567890abcdef"}
where 987654321 represents your Pusher Application ID and the remaining segment is the HMAC-SHA256 hash of the Pusher App Secret Key, socket id, and channel name combined together.
This authentication string is then used by the JavaScript Pusher library to subscribe to a private channel.
All other interactions with Pusher are managed by the javascript library through websockets within the browser.
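The signing step described above, as an added example that is not code from the original answer or from Pusher's libraries. It assumes Pusher's documented scheme, in which the secret is the HMAC key and the signed message is the socket id and channel name joined by a colon. The secret, the access-control table and the user name are constructed for illustration.

```python
import hashlib
import hmac
import json
import re

# Constructed sample values; the secret stays on the server and never reaches the browser.
APP_PREFIX = "987654321"  # value before the colon, as in the sample response above
APP_SECRET = b"constructed-secret-for-demo"
# Hypothetical access-control table: which user may join which private channel.
CHANNEL_ACL = {"private-channel": {"alice"}}


def sign(socket_id: str, channel: str) -> str:
    """HMAC-SHA256 keyed with the secret over 'socket_id:channel', hex-encoded."""
    msg = f"{socket_id}:{channel}".encode()
    return hmac.new(APP_SECRET, msg, hashlib.sha256).hexdigest()


def authorize(user: str, socket_id: str, channel: str) -> str:
    """Return the JSON body for the auth endpoint, or raise if it must refuse."""
    # Strict formats keep the ':'-joined message unambiguous.
    if not re.fullmatch(r"\d+(\.\d+)?", socket_id):
        raise ValueError("malformed socket_id")
    if not re.fullmatch(r"private-[A-Za-z0-9_\-=@,.;]+", channel):
        raise ValueError("not a private channel name")
    # Signing is the authorization decision, so check access before signing.
    if user not in CHANNEL_ACL.get(channel, set()):
        raise PermissionError(f"{user} may not subscribe to {channel}")
    return json.dumps({"auth": f"{APP_PREFIX}:{sign(socket_id, channel)}"})


def verify(auth: str, socket_id: str, channel: str) -> bool:
    """Check an auth string the way a party holding the secret would."""
    prefix, _, signature = auth.partition(":")
    expected = sign(socket_id, channel)
    # compare_digest avoids leaking the mismatch position through timing.
    same = hmac.compare_digest(signature.encode(), expected.encode())
    return prefix == APP_PREFIX and same


if __name__ == "__main__":
    body = authorize("alice", "123456789", "private-channel")
    print(body)
    token = json.loads(body)["auth"]
    print(verify(token, "123456789", "private-channel"))  # same socket and channel
    print(verify(token, "123456789", "private-other"))    # bound to one channel
```

Because the signature covers both the socket id and the channel name, a token issued for one connection and channel does not validate for another.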