Q-Consultation for every industry

Securely hold virtual meetings and video conferences

Learn More>

Want to learn more about our products and services?

Speak to us now

Securing Your Communications: Best Practices for Using QuickBlox SDK

Hitesh Garg
25 Jul 2023
secure messaging app

In an era where data is the new oil, ensuring communication security is paramount. As developers, it’s essential to be aware of the best practices to implement when working with communication platforms like QuickBlox, to ensure your data remains private and protected. This article aims to illustrate some vital tips and best practices for security while leveraging QuickBlox’s real-time chat and video calling SDK.

Managing Application Credentials & Authentication

When you create an application on the QuickBlox dashboard, you’ll receive application credentials that you can use to connect your application with the QuickBlox servers.

app credentials

It’s critical that you do not expose your app credentials by any means.

A common mistake that developers often make is that they store these tokens on their client side applications, but this exposes them to security breaches. For security best practice, credentials MUST be stored on the server side.

Let’s take a look at both these approaches:

  • Storing tokens and managing authentication on the Server (Recommended for production).
  • Storing tokens and managing authentication on the Client side (Good for dev, POCs, MVPs but not recommended for production).

Note: Although this article only includes snippets for Web, we have attached appropriate links for the other platforms.

Storing tokens and managing authentication on the Server (Recommended for production)

It’s critical that you store credentials and manage authentication on the server side, and that you initialize the client application with the session token. This is the QuickBlox recommended way.

We do not recommend using the client end for storing application credentials or managing authentication, as the client application can be compromised by reverse engineering or decompiling the application.

Let’s see how to implement this:

Server Side Steps

1. Create API key on the QuickBlox dashboard.

  • Head over to the QuickBlox dashboard.
  • Select the application for which you want to generate the API key.
  • Click on the API Keys section from the top right menu.
  • Click on the Add button and enter the name of the API key.

Make sure to store this API key securely on your server


2. Create the user with API Key.

  • To register a new user, you must create a user on the QuickBlox server. To do this you can use the API key and call the create user QuickBlox API from your server.
  • import axios from 'axios';
    const options = {
      method: 'POST',
      url: 'https://api.quickblox.com/users.json',
      headers: {
        accept: 'application/json',
        Authorization: 'ApiKey {your_api_key}',
        'content-type': 'application/json'
      data: {user: {login: 'USER_LOGIN', email: 'USER_EMAIL', password: 'USER_PASSWORD'}}
      .then(function (response) {
      .catch(function (error) {
  • You can also pass more parameters here, like full_name, phone, etc. Read more about the API and its parameters here.
  • If the API returns success with code 201, it means the user is created.

3. Create User session with API Key

Read More

Ready to get started?

QuickBlox post-box