šŸ“Œ
Pusher
  • Pusher Support Portal
  • šŸ“ˆChannels
    • Channels
      • Events
        • Does Channels Store a History Of Events And Messages?
        • Does Channels Guarantee Message Delivery to Clients?
        • How Can I Get Missed Messages After Reconnecting To Channels?
        • How Can I Enable Client Events Within My Application?
        • How Can I Implement Message (Event) History In Channels?
        • Is It Possible To Schedule Event Sending in My Channels App?
        • What Happens If I Publish Events To Channel If No Clients Are Subscribed?
        • Why Do You Require Server Authentication To Use Client Events?
        • Why Don't Channels Events Arrive In Order?
        • How Do I Trigger An Event From A Bash Shell Script?
      • Libraries
        • Does Pusher Channels work with React Native?
        • Can I Host pusher js On My Own Server?
        • Does Channels Work With My Specific Technology?
      • Limits
        • How Are Concurrent Connections Counted?
        • How Can I Add Other Contacts To My Channels Limits Notifications?
        • How Can I Configure Usage Summaries?
        • How Can I Monitor My Account Usage?
        • How Is My Message Count Calculated In Channels?
        • What Happens When I Hit My Channels Plan Limits?
        • Over What Time Period Are My Channels Limits Counted?
        • What Is The Message Size Limit When Publishing an Event in Channels?
        • Why Do My Channels Metrics Graphs and Stats Numbers Show Different Values?
        • What Is The Maximum Number of Channels Supported Per App?
      • Presence
        • How Do I See The Members Of A Presence Channel Without Appearing In It?
        • How Can I Implement Large Presence Channels On Channels?
        • Why Do Presence Channels Generate So Many Messages?
      • Subscribing
        • Providing A Custom Channels Authoriser
        • Should I Subscribe To Lots Of Channels?
        • What Does The Error 'Invalid channel name' Mean?
      • Troubleshooting
        • How Can I Perform Connectivity Diagnostics For My Version Of Pusher JS?
        • How Can I Debug My Channels Webhooks?
        • How Do I Use The Channels Debug Console And Event Creator?
        • How Does Pusher Channels Protect Against Denial Of Service Attacks?
        • My Channels Application Is Encountering An Error Code, What Does This Mean?
        • Reporting Bugs and Technical Issues
        • We Are Seeing Timeouts From The Pusher Channels API, What Can We Do?
        • What Can Cause Error '401 Unauthorized' From The Channels REST API?
        • What Does The "Unsupported event received on socket <event_name>" Error Mean?
        • What Does The 'Timestamp Expired' Response From The Channels Rest API Mean When Triggering An Event?
        • What Is Meant By Channels Error 1006?
        • What Is Meant By Channels Error 4200?
        • Why Am I Receiving "Websocket Is Closed Before The Connection Is Established" Error Messages?
        • Why Am I Receiving The 'Invalid key in subscription auth data' Error?
        • Why Am I Seeing The Error "There was a problem creating your WebHook, please try again" When Trying
        • Why Am I Receiving The "Invalid signature: Expected HMAC SHA256" Error?
        • Why Can't I Connect To Channels?
        • Why Does My Channels Event Report Error "The 'pusher' namespace is reserved for internal usage"?
        • Why Don't I Receive Notifications When My Ios Or Android Channels App Is In The Background?
        • Why Is My User Stuck In A Presence Channel?
      • Webhooks
        • Channels Webhook Timeouts and Retries
        • Can You Give Me A List Of IPs That Pusher Channels Webhooks Will Be Sent From?
        • How Can My Server Be Notified When Users Join Or Leave A Presence Channel?
        • What Is The Batch Size and Batch Window For Channels Webhooks?
        • Why Is My Server Not Receiving Webhooks Channels?
      • Connecting
        • Can You Provide Me With a List of IP Addresses that Channels Uses?
        • How Can I Manually Unsubscribe Clients From My Server?
        • Does Channels Work In Mainland China?
        • How Can I Add A Cluster Failover Process to My Channels Integration?
        • How Can I Stop Channels Users Going Offline For An Instant When They Navigate Between Pages?
        • How Can I Transition A Live App To A Different Cluster?
        • Can I use Pusher Channel Authentication with Web Framework CSRF Protection?
        • Iā€™m Having Problems With The Reliability Of My Clients Connections To Pusher, What Can I Do?
        • Managing Channels keys in Mobile Apps
        • What Are Concurrent Channels Connections?
        • What Channels Clusters Exist?
        • What Content Security Policy (CSP) do I need for Channels?
        • What happens if a user is on a poor connection that occasionally drops? Will they miss messages?
        • What Ports Do I Need To Open In My Firewall To Allow Channels To Connect?
        • Why Am I Seeing More Channels Connections Than I Expect?
        • What WebSocket Protocols Does Channels Support?
        • How Can I Rotate My Channels App Keys
  • šŸ””Beams
    • Beams
      • Libraries
        • Does Beams support React Native?
        • Ho Do I Implement Beams With A Specific Technology?
        • Does Beams have React Native support?
        • What Libraries Does Beams Support?
      • Limits
        • What Are Beams Subscribers and How Are They Counted?
        • What Happens When I Hit My Beams Plan Limits?
      • Publishing
        • How Can I Set The Time-To-Live (TTL) For a Push Notification?
        • Why Don't Fcm Notifications Trigger ā€˜onMessageReceivedā€™ When In The Background State?
        • How Can I Rotate My Beams Instance Keys
      • Webhooks
        • Beams Webhook Timeouts and Retries
      • Troubleshooting
        • Can You Provide Me With A List Of IP Addressed That Beams Uses?
        • What Ports Are Required To Receive Beams Notifications On My iOS Device?
        • How Can I Migrate Between Beams Instances?
        • Why Am I Receiving Error `Push notification prompting can only be done from a user gesture` In Safar
  • šŸ’°Account/Billing
    • Account/Billing
      • Legal
        • How Can I Comply With HIPAA When Using Pusher Channels?
        • How Can I Comply With HIPAA When Using Pusher Beams?
        • Where Can I Find Your Cookie Policy?
        • What Hosting Provider(s) And Other Subprocessors Does Pusher Use?
        • Can I Sign a DPA With Pusher
        • Does Pusher Track And Use IP Addresses?
      • Dashboards
        • How Can I Add Collaborators To My Beams Instance?
        • How Can I Add Teammates As Collaborators To My Channels App?
        • How Can I Delete My Pusher Account?
        • How Can I Reset My Password For The Pusher Dashboard?
        • How Can I Transfer App Ownership From One Channels Account To Another?
        • How Can I Transfer Instance Ownership From One Beams Account To Another?
        • How Can I Update My Channels Billing Email Address?
        • How Can I Update My Pusher Account Email Address?
      • Account Information
        • How Can I Add 2-Factor Authentication To My Pusher Account?
      • Payments / Billing
        • Can I Pay For Channels Using Amex?
        • Can I Switch To Invoice Billing For My Subscription?
        • How Can I Change The Account Name That Appears On My Channels Statement?
        • How Can I Get The Billing Statements For My Channels Account?
        • How Can I Update My Billing Details For Beams?
        • What Can I Do If My Credit Card Is Declined?
        • How Can I Update My Payment Details For Channels?
      • Plans
        • How Does My Channels Plan Level Affect The Limits Of My Apps?
        • How Can I Downgrade My Beams plan?
        • How Can I Downgrade My Channels Plan?
        • How Can I Upgrade My Beams Plan?
        • How Can I Upgrade My Channels Plan?
        • I Have Upgraded My Channels Collaborator Account Instead Of The App Owner Account, What Now?
Powered by GitBook
On this page
  • Problem:
  • Solution:
  • Keys Supplied from Server
  1. Channels
  2. Channels
  3. Connecting

Managing Channels keys in Mobile Apps

Problem:

When integrating Channels with apps for iOS and Android, a common question is how to manage the Channels app keys and secrets required to connect the mobile app to Pusher.

As the keys can require changing at times, we recommend that you implement a process to manage this change. This can become necessary, for example, when a key has become compromised.

As a general recommendation, you should use different Channels app credentials for each application you need to connect to your Channels app (e.g. mobile apps, server-side processes, Javascript on your website). This ensures that if a key becomes compromised, only that key needs to be changed and other applications will not be impacted. In the Dashboard for your app you can create additional app credential sets as required

Solution:

There are generally two approaches to solving this, each with their own advantages and disadvantages.

Key Included in the App

The most straightforward way of supplying the mobile app with the required key is to include it in the app's code or package.

This requires no further involvement or maintenance unless the key needs to be changed. If this does happen, a new release of the app through Google Play or the App Store is necessary that includes the updated key.

Key drawbacks of this approach are:

* The turnaround time for publishing new version can be quite long.

* Not all users will install the update quickly.

* For a period, multiple credentials need to be maintained so that all app versions continue to function.

* If a key is actively being abused, it will be impossible to counteract this without shutting down your app entirely.

This method is good for apps where the keys are changed infrequently as it requires no additional overhead once the app is published unless a key needs changing.

In that event, create a new credential pair for your corresponding Channels app in the Dashboard and include it in the next version of your mobile app. Do not delete the old pair as this would cause existing installations of your app to fail. Pusher is unable to restore credentials that have been deleted. After the new version has been rolled out through Google Play or the App Store, you will need to wait until most users have installed the update before finally deleting the old credentials on the Dashboard.

Keys Supplied from Server

To ensure you can change keys quickly without impairing the functionality of your mobile apps, you can store your keys securely on a server you control and provide them in an encrypted form to the apps on request - instead of including the keys in each app itself.

In this scenario, your mobile app will make a request to your server each time it starts (or immediately before connecting to Channels) to retrieve the current credentials. The app will need a way to authenticate and decrypt the response which cannot easily be replicated outside of your app (e.g. by using a shared secret or certificate-based authentication).

This approach allows you to change app keys within minutes and minimal disruption to your app but has the drawback requiring a highly available application server without which your app will not function.

When using this technique, you can change keys by creating a new pair, updating your server with it and removing the old one once most apps have picked up the change.

PreviousIā€™m Having Problems With The Reliability Of My Clients Connections To Pusher, What Can I Do?NextWhat Are Concurrent Channels Connections?

Last updated 1 year ago

Still have questions? Please reach out to our Support team by visiting .

šŸ“ˆ
this page