You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/developers/chats.mdx
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,7 +16,7 @@ This document explains how Ecency's chat experience works and how other Hive app
16
16
17
17
## Using Ecency-hosted chat endpoints
18
18
19
-
Other Hive apps can call Ecency's `/api/mattermost/*` routes directly—no Mattermost infrastructure required. Key points:
19
+
Other Hive apps can call Ecency's `/api/mattermost/*` routes directly - **no Mattermost infrastructure required**. Key points:
20
20
21
21
-**Base URL**: Use the deployed Ecency web domain you target (e.g., `https://ecency.com/api/mattermost`). The same routes are available on staging instances for testing.
22
22
-**Cookies required**: The routes rely on an httpOnly `mm_pat` cookie. When calling from a browser, use `credentials: "include"` so the cookie is stored for subsequent requests.
@@ -42,9 +42,9 @@ These are required only when running the Ecency API yourself; consumers of `ecen
42
42
43
43
### How Ecency access tokens are issued
44
44
45
-
Ecency always mints the same JWT `accessToken`/`refreshToken` pair regardless of the login provider. Hivesigner users obtain them via the OAuth callback, while other methods (Keychain, HiveAuth, or manual posting-key sign-in) go through the Ecency auth API, which returns the tokens after verifying a signed login challenge tied to the Hive posting authority. If your app already integrates Ecency login with those providers, reuse the returned tokens directly—they are identical to the ones required by the chat bootstrap endpoint.
45
+
Ecency always mints the same JWT `accessToken`/`refreshToken` pair regardless of the login provider. Hivesigner users obtain them via the OAuth callback, while other methods (Keychain, HiveAuth, or manual posting-key sign-in) go through the Ecency auth API, which returns the tokens after verifying a signed login challenge tied to the Hive posting authority.
46
46
47
-
Otherwise, you can mint an `accessToken` yourself by signing the standard Hivesigner-style challenge locally with the user's posting private key during your app's login flow. Any app can create the payload, sign it, base64url-encode it, and submit it to Ecency's auth API as the `code` to receive the normal `accessToken`/`refreshToken` pair. A minimal example inspired by our production implementation:
47
+
Otherwise, you can mint an `accessToken` yourself by signing the standard Hivesigner-style challenge locally with the user's posting private key during your app's login flow. Any app can create the payload, sign it, base64url-encode it, and use that as `accessToken`. A minimal example inspired by our production implementation:
0 commit comments