@domvia/realtime-chat
Private chat rooms
Model room messages, typing state, read receipts, presence, and encrypted payload decisions without turning the core SDK into a messy all-in-one package.
Public documentation
Build realtime apps with confidence.
Learn how DomVia Realtime apps, keys, origins, channels, usage limits, gateway status, and security events fit together. Start small, protect sensitive flows, then scale into production operations.
Create your first realtime app, add trusted origins, copy your public key, and connect your client.
Understand how apps, regions, environments, limits, endpoints, and app IDs work together.
Learn the difference between public keys, secret keys, secret previews, and safe rotation.
Protect realtime traffic with trusted origins, signed channel authorization, usage limits, and alerts.
Setup path
4 steps
App, origins, keys, channels
Credential model
Public + secret
Safe split for clients and servers
Protection
Origin + auth
Guarded joins and usage limits
SDK guides
Modular packages for chat, location, delivery, calls, and private encryption.
Keep the public docs clean. Each SDK guide gives a short preview here, then opens into a focused full page when the developer wants implementation depth.
Controlled dynamic design
The SDK can grow into messaging, Uber-like location, delivery timelines, WhatsApp-like call signaling, presence, and private encryption without becoming one huge package. Core realtime stays stable; feature packages stay focused.
@domvia/realtime-location
Live location streams
Send controlled, short-lived location updates for trips, same-day deliveries, inspectors, drivers, couriers, and field workers.
@domvia/realtime-delivery
Delivery timelines
Track pickup, in-transit, nearby, delivered, failed, and support-needed states with realtime visibility for customer and operator screens.
@domvia/realtime-calls
In-app call signaling
Coordinate WhatsApp-like audio and video call state with ringing, accept, reject, end, WebRTC offer, answer, ICE candidate, and media state events.
@domvia/realtime-e2ee
E2EE for private chat
Use end-to-end encryption where the content must stay private. Keep it focused on private chat payloads instead of forcing every realtime event to be encrypted.
Getting started
Connect your first realtime app
This is the safest first path for connecting a new app. Create the app, trust your website origin, use the public key on the client, and keep private authorization inside trusted server code.
Step 01
Create a realtime app
An app is an isolated realtime project. It has its own app ID, public key, secret preview, allowed origins, region, environment, and limits.
Step 02
Add trusted origins
Allowed origins tell DomVia Realtime which websites are allowed to connect. Add your production domain before real users connect.
Step 03
Use the public key on clients
The public key is safe for browser, mobile, and client SDK setup. It identifies the app that should receive the realtime connection.
Step 04
Authorize private access
For private and presence channels, your trusted server route should verify the user and return a signed authorization response.
What you need before going live
✓ At least one active realtime app.
✓ One active public key.
✓ A copied secret key stored safely.
✓ At least one trusted production origin.
✓ Private channel authorization route for sensitive rooms.
Apps
How realtime apps are organized
A realtime app is the main container for credentials, origins, channel access, limits, and environment settings.
| Concept | Meaning |
|---|---|
| App ID | A stable identifier for one realtime app inside your workspace. |
| Environment | A label such as production, staging, or development. |
| Region | The preferred operating region for a realtime app. |
| Endpoint | The public gateway host your app connects to. |
| Origins | Trusted websites allowed to connect to an app. |
| Limits | Plan and app-level usage boundaries for safe scaling. |
Recommended setup
✓ One app per product environment.
✓ Separate production and staging keys.
✓ Trusted origins per app.
✓ Private channels for sensitive rooms.
✓ Presence only where online users matter.
✓ Security events reviewed regularly.
Credentials
Public keys, secret keys, and rotation
Keys are the most important part of your setup. Public keys identify apps. Secret keys sign protected actions and must stay private.
Public key
Use this in browser, mobile, and client SDK setup. It identifies your realtime app.
Secret key
Keep this in trusted server code only. Never place it in browser or mobile apps.
Secret preview
A masked hint that helps identify a secret without revealing the full value.
Rotation
Generate a new key, copy the secret once, update your trusted server, then revoke the old key.
Secret key rule
Show the full secret once. Keep it out of clients forever.
The full secret should only be shown once after creation. Copy it, store it safely, and use it only from trusted server code.
sk_live_••••••••••••••••••••
Secret preview helps identify a secret without revealing the full value.
Realtime channels
Public, private, and presence channels
Channels are realtime rooms. Choose the right channel type based on whether the data is public, protected, or needs online member visibility.
Public channels
Good for open events where users do not need special permission to listen.
public-feed.global
Private channels
Good for messages, private dashboards, account events, order updates, and user-specific rooms.
private-chat.room.42
Presence channels
Good for online members, active viewers, live collaboration, delivery rooms, and team activity.
presence-order.884
Private authorization flow
✓ Client requests access to a private or presence channel.
✓ Trusted server verifies the signed-in user.
✓ Trusted server signs the channel authorization response.
✓ Client joins the protected channel through the realtime gateway.
trusted-server-route.ts
import { authorizePrivateChannel } from "@domvia/realtime-server";
app.post("/realtime/auth", async (request, response) => {
const user = await requireSignedInUser(request);
const channelName = request.body.channel_name;
if (!user.canJoin(channelName)) {
return response.status(403).json({ message: "Forbidden" });
}
return response.json(
await authorizePrivateChannel({
key: process.env.DOMVIA_REALTIME_KEY,
secret: process.env.DOMVIA_REALTIME_SECRET,
socketId: request.body.socket_id,
channelName,
}),
);
});Production safety
Security checklist
Security is not one switch. It is a full workflow: safe keys, trusted origins, signed private access, usage limits, security events, and alerts.
✓ Use public keys in browser and mobile apps only.
✓ Keep secret keys inside trusted server code only.
✓ Add trusted origins before production traffic.
✓ Use private channels for sensitive conversations and account data.
✓ Use presence channels only when online member visibility is needed.
✓ Rotate credentials if a secret may have been exposed.
✓ Review blocked gateway activity from Security Center.
✓ Keep usage limits enabled to protect apps from unexpected traffic.
Fix issues faster
Common problems and fixes
Most realtime issues come from wrong keys, blocked origins, missing channel authorization, or usage limits.
Problem
Client cannot connect
Likely cause
The public key may be wrong, the app may be disabled, or the gateway host may be incorrect.
Fix
Check the app keys page, app status, and gateway value shown in the console.
Problem
Origin blocked
Likely cause
The website trying to connect is not listed as a trusted origin for that app.
Fix
Open the app, add the exact website origin, then retry the connection.
Problem
Private channel denied
Likely cause
The channel authorization response may be missing, invalid, or signed with the wrong secret.
Fix
Check your trusted server route, socket ID, channel name, and active secret key.
Problem
Presence join fails
Likely cause
Presence channels require valid channel data with user information.
Fix
Return signed authorization with valid user data for the connected member.
Problem
Usage limit reached
Likely cause
The app has reached the monthly event or message limit for the current plan.
Fix
Review usage, reduce traffic, or upgrade the workspace plan when billing is ready.
Reference
Common API areas
These are the main API areas your console uses. Protected workspace endpoints require an authenticated console token.
| Area | Use | Endpoint |
|---|---|---|
| Health | Check platform API health. | GET /api/health |
| Plans | Load public plan limits and pricing data. | GET /api/plans |
| Workspace | Load the current workspace and plan. | GET /api/workspaces/current |
| Apps | List realtime apps in the workspace. | GET /api/realtime/apps |
| Keys | List keys for one realtime app. | GET /api/realtime/apps/{app}/keys |
| Origins | List trusted origins for one app. | GET /api/realtime/apps/{app}/origins |
| Security events | Review blocked gateway activity. | GET /api/realtime/security-events |
| Gateway status | Check current gateway reachability. | GET /api/realtime/gateway/status |
FAQ
Answers developers need before connecting.
Is ws.domvia.net supposed to be public?
Yes. Client apps need a public realtime gateway to connect. Security comes from app credentials, trusted origins, signed private channel authorization, rate limits, and security monitoring.
Can I put the public key in my app?
Yes. Public keys are designed for browser, mobile, and client SDK setup.
Can I put the secret key in my app?
No. Secret keys must stay in trusted server code. They should never be shipped inside browser or mobile apps.
When should I use private channels?
Use private channels when the realtime data belongs to a specific user, account, conversation, order, tenant group, team, or workspace.
When should I use presence channels?
Use presence when your app needs to show who is online inside a room, order, conversation, workspace, or collaborative screen.
Next docs to add
More platform guides can sit here without making the page crowded.
Keep the public docs educational. Add deeper examples through focused guides, not heavy dashboard cards.
○ React quick-start
○ React Native quick-start
○ Flutter quick-start
○ Server authorization package
○ Calls signaling guide
○ Key rotation guide
○ Status monitoring guide
○ Optional E2EE guide