Creating User Access Tokens
Now that you have created an Application and obtained the App Token, the next step is to create user access tokens. A user access token is required by every user to authenticate with mesibo and use its real-time APIs — messaging, calls, conferencing, and more. Your client applications (Android, iOS, Flutter, Web, etc.) use these tokens to connect to mesibo on behalf of your users.
User access tokens are generated by your backend server using the mesibo Backend API. Each token is bound to three things: the App Token that identifies your Application, the Address that identifies the user, and the App ID that identifies where the token is permitted to be used.
1. Address
The address is a unique string that identifies a user within your Application — a phone number, email address, employee ID, or any identifier meaningful to your system. mesibo does not interpret or validate its format; it is treated as an opaque string.
Addresses are scoped to your Application. The same address can exist in a different Application without any conflict.
2. App ID
The App ID specifies which client application this token is authorized to be used in. When a client connects to mesibo using a user access token, mesibo verifies that the App ID embedded in the token matches the application making the connection. This prevents a token issued for one app from being used in another.
- Android — the package name from
AndroidManifest.xml - iOS — the Bundle ID from Xcode
- Other platforms — any string you choose, passed via
setAppName()
You can issue tokens with different App IDs for the same user — for example, one token for your Android app and another for your web app. Users across different App IDs can communicate freely, as long as they belong to the same mesibo Application.
Generating User Access Tokens
User access tokens are generated by your backend server when a user signs up or logs in. For this tutorial, we will manually generate tokens for two test users using the mesibo Backend API.
Send the following request to https://api.mesibo.com/backend/ using your App Token. We use com.mesibo.firstapp as the App ID to match the sample app on GitHub — replace it with your actual App ID.
{
"op":"useradd",
"token": "87pbh20pzehd9ld0o0pxqx9h80jjqfu9ipul4l00fnb55pbfx9mxyyk4uyr1iwuw",
"user": {
"address":"xyz@example.com",
"token": {
"appid": "com.mesibo.firstapp",
"expiry": 525600
}
}
}
You can also use the mesibo backend API explorer tool to send requests and view the responses.
Alternatively, you can also use curl, Postman, or any of your favorite tools to send API requests.
curl -X POST https://api.mesibo.com/backend
-H 'Content-Type: application/json'
-d '{"op":"useradd", "token":"87pbh20pzehd9ld0o0pxqx9h80jjqfu9ipul4l00fnb55pbfx9mxyyk4uyr1iwuw", ...}'
If using curl, it’s more convenient to download the mesibo-backend-payload.json, modify and send as:
curl -X POST https://api.mesibo.com/backend
-H 'Content-Type: application/json'
-d @mesibo-backend-payload.json
Response
A successful request returns the following:
{
"user": {
"uid":"5302",
"token":"cn9cvk6gnm15e7lrjb2k7ggggax5h90n5x7dp4sam6kwitl2hmg4cmwabet4zgdw"
},
"op":"useradd",
"result":true
}
The token field in the response is the user access token. Your client application passes this to setAccessToken() to authenticate and establish a connection to the mesibo real-time server.
Generate a second token for a different address — you will need two users to test messaging and calls. You can also send test messages to any user directly from the mesibo Console under the Users section.
With both tokens ready, let’s build your first mesibo app.