Here's a little explanation of Token auth so you know how it works:

  1. Your server uses the Ably API key to request a 'Token Request' object from Ably
  2. Your client uses this 'Token Request' object to request the actual token from the Ably server every time it wishes to authenticate.
  3. These tokens are short-lived and expire after a certain period of time and the client is expected to keep requesting a new token to keep communicating with Ably.
  4. Using an authUrl or authCallback ensures your client automatically requests for a new token just before the previous one expires, making sure that the connection never drops due to authentication failure caused by an expired token.


Read the best practice guide for more such caveats or see a quick video to understand Ably's authentication methods better.