Frequently Asked Questions - API

I am not getting connection status 1 - `online`

If you are not getting connection status 1, and getting 4 or 5, you are not passing the correct appid while creating a token. The appid passed to create a token must match the Android package name declared in the AndroidManifest.xml (and google-services.json), Or the iOS bundle id declared in the Xcode project (for example, ). If you are using Javascript API or other platforms, ensure that you pass the same app id to the setAppName API call.

Also, ensure that you are NOT using the App Token. App Token must be secret and should only be used from the backend API. You MUST only use a user access token in your real-time API.

We recommend checking Get Started Guide to quickly learn core mesibo concepts.

What is Message Expiry?

The expiry parameter specifies a delivery deadline for each message. It ranges from immediate (zero) to a few days, configured per message when sending. mesibo will not deliver messages past the set expiry period.

Setting expiry enables real-time as well as time-bound delivery requirements. For example, an expiry of 0 forces real-time cut-through routing to deliver only to online users. Any value greater than 0 sets a maximum time window for delivery guarantees.

Behind the scenes, mesibo retains all messages until they are successfully delivered or their defined expiry period passes - whichever comes first.

Expiry is specified in seconds.

How can I send a message to online users only?

Set expiry to zero , then messages will be sent only in real time and to users who is online only.

How can I enable read receipts?

The read receipt feature is enabled by default when sending messages. You can enable or disable read receipt by:


How do I restrict user access tokens to a particular app or domain?

User access tokens are only applicable to your app and issued only to authorized users by you. Hence there is less possibility of anyone reusing it.

For Android and iOS, user access tokens are restricted to the Android package name or iOS bundle ID. They can not be used on apps having a different app or bundle ID. Refer to the User Management APIs to learn more, Multiple apps with different package names or bundle IDs can come under one mesibo app and can communicate with each other as long as you use corresponding package name or bundle ID while generating a token for that particular app user.

For Javascript, there is no reliable method to detect domain or app name, and hence the same security policy does not apply. Domain and referrer methods used by many service providers (including Google) are subject to DNS or referrer spoofing and hence we do not want to offer a false sense of security to our users. We are investigating better methods. If you are particularly concerned, you can dynamically generate user access tokens for a short duration and destroy them after use. If you have other suggestions, we'd like to hear from you.