onveyor

HTTP Requests

OpenSwoole WebSocket servers can also handle HTTP requests. Conveyor uses that for native auth and broadcast endpoints, and for Pusher-compatible REST publishing.

Native auth endpoint

Create a temporary channel auth token:

1curl -X POST "http://127.0.0.1:8989/conveyor/auth?token=local-server-token" \
2  -H "Content-Type: application/json" \
3  -d '{"channel":"orders.1"}'

Response:

1{
2  "auth": "temporary-token"
3}

Use the returned auth value in a later channel-connect message for the same channel. Temporary channel tokens are consumed after use.

Native server broadcast

Force a server-side broadcast to a native channel:

1curl -X POST "http://127.0.0.1:8989/conveyor/message?token=local-server-token" \
2  -H "Content-Type: application/json" \
3  -d '{"channel":"orders.1","message":"order updated"}'

Successful response:

1{
2  "success": "Message sent successfully!"
3}

Common native endpoint errors:

  • 401 Unauthorized!: missing or invalid token when a server token is required.
  • 400 Channels not enabled!: channel persistence is unavailable.
  • 404 Channel not found!: no socket is connected to the requested channel.
  • 400 Invalid message!: the request body has no non-empty message.

Pusher REST publish

In Pusher/Reverb-compatible mode, Laravel normally sends these requests for you through its reverb or pusher broadcaster.

Publish one event:

1POST /apps/{app_id}/events

Body:

1{
2  "name": "OrderShipped",
3  "channels": ["orders.1"],
4  "data": "{\"id\":1,\"total\":99}",
5  "socket_id": "123.456"
6}

You may send either channels or one channel. data must be a string and is limited to 10000 bytes. socket_id is optional; when present, Conveyor does not deliver the event to that socket.

Publish a batch:

1POST /apps/{app_id}/batch_events
1{
2  "batch": [
3    {
4      "name": "OrderShipped",
5      "channel": "orders.1",
6      "data": "{\"id\":1}"
7    }
8  ]
9}

Batches are limited to 10 events.

Inspect channels:

1GET /apps/{app_id}/channels
2GET /apps/{app_id}/channels/{channel}
3GET /apps/{app_id}/channels/{presence-channel}/users

REST requests must include Pusher-style signed query parameters:

  • auth_key
  • auth_timestamp
  • auth_version=1.0
  • body_md5 for requests with a body
  • auth_signature

The timestamp tolerance is 600 seconds. Bad app credentials, body hashes, or signatures return 401. Stale timestamps return 400.

The example router signs a REST publish request with Conveyor\SubProtocols\Pusher\PusherSigner in examples/pusher-real/router.php.