Authentication

The Streamoji API uses temporary Auth Tokens to secure requests. You must include a valid token in the Authorization header for every API call.

Authorization: Bearer <AUTH_TOKEN>

Generating an Auth Token

To generate an Auth Token, you need to call the getAuthToken endpoint from your backendusing your Client-Id and Client-Secret (obtained from the Developer Console).

Tokens are valid for 30 minutes and you can generate unlimited tokens.

const CLIENT_ID = "YOUR_CLIENT_ID";
const CLIENT_SECRET = "YOUR_CLIENT_SECRET";

async function getAuthToken(userId, userName) {
  const response = await fetch(
    "https://us-central1-streamoji-265f4.cloudfunctions.net/getAuthToken",
    {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        "Client-Secret": CLIENT_SECRET,
        "Client-Id": CLIENT_ID,
      },
      body: JSON.stringify({ userId, userName }),
    }
  );

  const data = await response.json();

  if (!data.success) {
    throw new Error("Auth token generation failed");
  }

  return data.authToken; // Valid for 30 minutes
}

Request Parameters

userId: A unique identifier for the user (e.g., "user_123")
userName: Display name for the user (shown in Developer Console)

The userId and userName help you track activity in the Developer Console, allowing you to see usage metrics per user.

⚠️ Security Warning

NEVER expose your Client Secret in the frontend. The Client Secret must always be stored and used exclusively in your backend. Only the generated authToken should be passed to your frontend.