Every API request to Stream must include the API Key of the app performing the request and an authentication token generated using the API Key secret.
If generating a token to use client side, the token must include the userID claim in the token payload as described here, where as server tokens do not.
In this article, we show you how to generate a server authentication token to perform server-side requests to the Chat REST API endpoints using the JSON Web Tokens website.
Obs.: If you are not familiar with JWT we recommend reading more about it here.
1. Head to jwt.io Debugger website.
2. Header - Select the algorithm HS256 (usually it is selected by default) and make sure the Header section contains the algorithm and the token type as follows:
3. Payload - Put into the payload a UNIX timestamp with an expiration date (recommended), for example:
Alternatively, you can set a token without an expiration date by specifying it in the Payload, like this:
4. Signature - Fulfill the field "Verify signature" with your Stream API Key secret. You can obtain it from the dashboard.
5. Output - Copy the encoded token and pass it to your header Authorization request. i.e.:
curl --location --request POST 'https://chat.stream-io-api.com/channels' \
--header 'Stream-Auth-Type: jwt' \
--header 'Authorization: YOUR SERVER TOKEN HERE' \
--header 'Content-Type: application/json' \
--header 'api_key: YOUR API KEY' \
"cid" : "messaging:testing123"
Now you should be ready to perform server-side requests like updating permissions, setting user roles, deactivate/reactivate users, creating custom commands, etc.