Pusher REST API authentication

pusher-rest-api.png

The first step on our roadmap for improvement is the ability to authenticate access to the REST API.

Introduction

Thanks to everyone who has been trying out the system recently. We now have 800 people who have signed up, and a good number of these are now starting to integrate with their applications.

As we pointed out previously in the FAQ, we launched the service without any authentication on the API to get an idea of whether this was a service people wanted to use. Since then it has become apparent that people love the simple solution that we have provided, and we have been working hard on making it better for you.

Authenticating the API

The first step on our roadmap for improvement is the ability to authenticate access to the REST API. To be clear on this point, this change stops a person who knows your public API key from broadcasting messages to all of your users. This is kind of important, and we encourage people to upgrade their libraries as soon as they are available.

Sockets are still public by defaut, and this change does not stop a person who knows your public key and channel names from listening on the events you broadcast. Creating private socket connections is on our roadmap too.

Documentation

We have documented our REST API on this page: http://pusherapp.com/docs/rest%5Fapi, along with details of the hashing signature.

Rolling it out

We are going to run the new authenticated endpoint alongside the unauthenticated for a few more weeks. Please upgrade your libraries before then, and get in contact if you are having any difficulties.

If you haven’t done so already, feel free to create a free Pusher account and let us know what you think!