An Auth Token is a credential that allows a user to authenticate with CometChat SDKs on the client side. Each token is tied to a specific user and can be used across multiple devices.

Available operations

| Method | Endpoint | Description |
| --- | --- | --- |
| POST | /users/{uid}/auth_tokens | Create a new auth token for a user |
| GET | /users/{uid}/auth_tokens | List all auth tokens for a user |
| GET | /users/{uid}/auth_tokens/{authToken} | Get a specific auth token |
| PUT | /users/{uid}/auth_tokens/{authToken} | Update an auth token |
| DELETE | /users/{uid}/auth_tokens/{authToken} | Delete a specific auth token |
| DELETE | /users/{uid}/auth_tokens | Flush all auth tokens for a user |

How auth tokens work

  1. Your server creates a user via the Create User API (optionally with withAuthToken: true).
  2. If not created during user creation, your server generates an auth token via Create Auth Token.
  3. Your server passes the auth token to the client application.
  4. The client SDK uses the token to log in: CometChat.login(authToken).

Auth tokens do not expire by default, enabling persistent sessions across multiple devices simultaneously.

To prevent token accumulation and potential abuse, CometChat enforces a rolling retention policy: only the most recent 100 auth tokens per user are kept active. When a new token is issued and the limit is exceeded, the oldest tokens are automatically archived and invalidated. This ensures system integrity without requiring manual token management.

If your application requires explicit session control, use the Flush Auth Tokens endpoint to revoke all active tokens for a user, or Delete to revoke a specific token.

Relationships

  • Users — Every auth token belongs to a specific User. The user must exist before a token can be created.
  • Sessions — Each auth token represents an active session. Flushing all tokens logs the user out of every device.

Auth token properties

| Property | Type | Description |
| --- | --- | --- |
| authToken | string | The token string used to authenticate SDK login. |
| uid | string | The UID of the user this token belongs to. |
| createdAt | integer | UNIX timestamp of when the token was created. |
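
Because tokens do not expire by default, a server that wants a maximum session age or a per-user session cap has to enforce it itself with the List, Delete and Flush endpoints above. The following is an added example, not CometChat code: the policy values (`max_age`, `max_sessions`), the function names and the sample records are assumptions, `createdAt` is assumed to be in seconds, and it builds only the method and path of each request because the base URL and authentication headers are not covered on this page.

```python
from urllib.parse import quote

DAY = 24 * 3600

# Constructed sample records, shaped like the properties table above.
NOW = 1_700_000_000
SAMPLE_TOKENS = [
    {"authToken": "tok_a", "uid": "user 1", "createdAt": NOW - 100 * DAY},
    {"authToken": "tok_b", "uid": "user 1", "createdAt": NOW - 10 * DAY},
    {"authToken": "tok_c", "uid": "user 1", "createdAt": NOW - 1 * DAY},
    {"authToken": "tok_d", "uid": "user 1", "createdAt": NOW - 3600},
]


def select_tokens_to_revoke(tokens, now, max_age=30 * DAY, max_sessions=5):
    """Return authToken strings that violate the (assumed) session policy.

    A token is revoked if it is older than max_age seconds, or if it is not
    among the max_sessions most recently created tokens for the user.
    """
    newest_first = sorted(tokens, key=lambda t: t["createdAt"], reverse=True)
    revoke = []
    for rank, tok in enumerate(newest_first):
        too_old = now - tok["createdAt"] > max_age
        surplus = rank >= max_sessions
        if too_old or surplus:
            revoke.append(tok["authToken"])
    return revoke


def revocation_requests(uid, tokens, now, **policy):
    """Build (method, path) pairs from the endpoints in the operations table.

    uid and authToken are percent-encoded so neither can alter the path.
    If every token must go, one Flush replaces the per-token Deletes.
    """
    doomed = select_tokens_to_revoke(tokens, now, **policy)
    base = f"/users/{quote(uid, safe='')}/auth_tokens"
    if doomed and len(doomed) == len(tokens):
        return [("DELETE", base)]
    return [("DELETE", f"{base}/{quote(tok, safe='')}") for tok in doomed]


if __name__ == "__main__":
    for method, path in revocation_requests("user 1", SAMPLE_TOKENS, NOW,
                                            max_sessions=2):
        print(method, path)
```

Run this against the output of the List endpoint on a schedule or at login time; the 100-token rolling limit bounds the count per user but places no limit on token age.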

Error handling

| Error Code | Description |
| --- | --- |
| ERR_AUTH_TOKEN_NOT_FOUND | The specified auth token does not exist |

For the complete list of error codes, see Error Guide. For all system limits (token retention policy, etc.), see Properties and Constraints.