Pusher · Authentication Profile

Pusher Authentication

Authentication

Pusher secures its APIs with apiKey across 1 declared security scheme, as derived from its OpenAPI definitions.

RealtimeWebSocketsPub/SubPush NotificationsMessaging
Methods: apiKey Schemes: 1 OAuth flows: API key in: query

Security Schemes

hmacAuth apiKey
· in: query (auth_signature)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/pusher-openapi.yml
summary:
  types:
  - apiKey
  api_key_in:
  - query
schemes:
- name: hmacAuth
  type: apiKey
  in: query
  parameter: auth_signature
  description: |-
    Pusher request signing. Every request must include the query
    parameters `auth_key`, `auth_timestamp` (Unix seconds),
    `auth_version=1.0`, `body_md5` (hex MD5 of the request body when
    present), and `auth_signature`. `auth_signature` is the
    HMAC-SHA256 (hex) of the canonical string
    `"<METHOD>\n<PATH>\n<SORTED_QUERY_STRING>"` using the application
    secret as the key.
  sources:
  - openapi/pusher-openapi.yml