Authentication

Secure your private and presence channels using signed subscriptions.

The Auth Flow

SummonFlow uses a **stateless auth flow**. When a client attempts to subscribe to a `private-` or `presence-` channel, it must provide a signature from your backend.

Client SDK

→

Your Auth API

→

Socket Server

Vercel Auth Route

If you're using Next.js on Vercel, use our stateless signing helper.

// app/api/realtime/auth/route.ts

import { signSubscription } from '@summoniq/summon-flow-server';

export async function POST(req: Request) {

const session = await getSession(req);

if (!session) return new Response('Unauthorized', { status: 401 });

const body = await req.json();

const signature = signSubscription({

socketId: body.socketId,

channel: body.channelName,

secret: process.env.SUMMON_STREAM_AUTH_SECRET,

userData: { id: session.user.id }

});

return Response.json(signature);

}

Client Configuration

Tell the client where your auth route is located.

const realtime = new SummonFlow('your-app-key', {

authEndpoint: '/api/realtime/auth',

wsHost: 'your-server.railway.app',

});