Realtime · Socket.IO

Connection & security

Socket.IO on the API origin, path /socket.io/. Authenticate with an access JWT.

URL & client (browser)

javascriptbrowser

import { io } from "socket.io-client"

const socket = io("https://cloud.mudbase.dev", {
  path: "/socket.io/",
  transports: ["websocket", "polling"],
  auth: { token: "<ACCESS_JWT>" },
})
import { io } from "socket.io-client"

const socket = io("https://cloud.mudbase.dev", {
  path: "/socket.io/",
  transports: ["websocket", "polling"],
  auth: { token: "<ACCESS_JWT>" },
})

Node / tests (Bearer header)

javascriptnode

const socket = io(baseUrl, {
  path: "/socket.io/",
  extraHeaders: { Authorization: `Bearer ${token}` },
})
const socket = io(baseUrl, {
  path: "/socket.io/",
  extraHeaders: { Authorization: `Bearer ${token}` },
})

JWT rules

Requirement	Detail
`scope`	Must be `api` or `websocket`
Session	If token has `sid`, session must still exist
Revocation	If token has `jti`, must not be blacklisted
User	Active user in DB

Failure → connect_error, message Authentication error.

On successful connect

Auto-joined room	Meaning
`org:<orgId>`	Dashboard / builder scope (all members with access to that scope)
`user:<userId>`	Direct messages / user-specific pushes

Plan limit

If your plan’s realtime connection limit is exceeded:

Server emits error: { "message": "Realtime connection limit reached for your plan.", "limit": <n> }
Socket disconnects.

Note

Server implementation lives under sockets/ and server.js in mudbase-backend. This protocol is not described in OpenAPI.