Skip to main content

Overview

API token management is a login authentication process that allows a social.plus user to access social.plus applications in a unified and streamlined environment. social.plus SDK provides AmityUserTokenManager to manage user credentials. This includes an access token that can be used to access some Beta features.
Please be aware that we do not provide any API to support the usage of user tokens on the client SDK. To use this user token, you must interact with social.plus Server APIs with your own effort.

Create a User Token

To create a new user token, refer to the following example and the parameters below.

Parameters

ParameterTypeRequiredDescription
userIdStringThe unique identifier of the user whose credentials are being managed by the AmityUserTokenManager
displayNameStringThe display name of the user. If provided, it will be associated with the user’s credentials
authTokenStringThe user’s authentication token. If provided, it will be used to authenticate the user when accessing the social.plus application

Implementation

// 1. create AmityUserTokenManager instance.
let userTokenManager = AmityUserTokenManager(apiKey: "<api-key>", region: .SG)

func createNewUserTokenExample() async {
    // 2. call `createUserToken` on AmityUserTokenManager.
    do {
        let auth = try await userTokenManager.createUserToken(
            userId: "<user-id>",
            displayName: "<(optional)-display-name>",
            authToken: "<(optional)-auth-token>"
        )
        print("auth.accessToken: \(auth.accessToken)")
    } catch {
        print("unable to create a new user token: \(error.localizedDescription)")
    }
}

Token Security

  • Store tokens securely on the server side
  • Use encryption for token storage
  • Implement token rotation policies
  • Never expose tokens in client-side code
  • Always use HTTPS for token transmission
  • Implement proper authentication headers
  • Use secure communication channels
  • Log token usage for audit purposes

Best Practices

  • Cache tokens to avoid unnecessary creation
  • Implement token validation before usage
  • Use connection pooling for better performance
  • Handle token expiration gracefully
  • Implement comprehensive error handling
  • Log all token operations for debugging
  • Provide meaningful error messages
  • Implement retry logic for transient failures
  • Batch token operations when possible
  • Use background processing for token creation
  • Implement caching strategies
  • Monitor token usage patterns

Next Steps

User Authentication

Learn about standard user login and authentication

API Integration

Explore social.plus API documentation