Account integration and login
Update time: 2022/06/28 18:03:15
Account integration and login
- When a user registers an app, the App build-in Server sends a request to CommsEase Web Server with The API of creating an account. For more information, see Register an Account
- With a newly-created account, CommsEase Web Server will return the token and other information of the account. The App server saves the token.
- When an App sends a login request, built-in login authentication such as password authentication is required.
- After the successful authentication, the App Server returns the corresponding token to the client who needs to save the token.
- When App needs to call CommsEase IM service, it is required to authenticate the token for log in to IM service
- After the successful token authentication, you log in to the IM platform. Then, call SDK-related APIs to experience IM.
When using CommsEase IM services, you need to know the App account and CommsEase ID (accid) are independent of each other. Accid is only used for authentication, which has nothing to do with user profile of Apps. In most cases, we recommend keeping
token for IM login in CommsEase inconsistent.
token are created by the end user rather than by the application server to ensure security.
Manual login and automatic login
Manual login and auto-login are included, between which the differences mainly are:
- Whether the SDK deals with scenarios of login failures.
- Whether the server verifies the login security of current devices.
At first, the SDK identifies that end users initiate a manual login. If login failure occurs for poor network conditions and wrong passwords, the SDK will trigger the corresponding callback and stop a reconnection to the server until users log in again. However, a reconnection comes with an auto-login failure. Repeated reconnection never stops until a user logs in the app. Ensure correct passwords to implement reconnection. Second, to guarantee the security of current users, the server will check the device's uniqueness depending on whether the current login is automatic. If the current login is automatic and the device on which the users currently log in is not the one on which the users logged in previously, the login will be automatically forbidden to ensure security. You may also set automatic login as mandatory login to ignore security checks. This is appropriate for the scene of delay in loading communication module of non-IM products: achieve auto-login with the correct CommsEase ID issued by the server, without caring about any login error, which is simple and convenient.
Particularly, if the auto-login is enabled, the login frequency will be counted as once when your application is invoked in the background, and included in the statistics over daily active users on a billing basis.
Once login succeeds or auto-login is called, the IM SDK will deal with all reconnections under ordinary network conditions. The SDK will stop the reconnection until a user can log in. Additional logins are not required, which also applies to chat rooms.
Product form and login strategy
The products which have the access to CommsEase IM service include two forms:
- IM products with communication as core modules. Typically examples: WeChat, CommsEase, and live streaming-related Apps.
- Non-IM products with communication as attached modules. Typical examples: Apps with private message modules.
Since the communication of IM products is the core, the whole App is unable to run if CommsEase login fails. Therefore, we recommend first logging in to the app server and CommsEase server before implementing the procedure. The login procedure completes when you log in to the app server and CommsEase server. For other products beyond the IM, users can access communication capabilities after logging in to app servers. With the ID and token assigned by the CommsEase server, you can implement an auto-login.
User console account management
If a fast test is only required till now, you may rapidly create and manage accounts depending on "Account management" feature, without calling the server API for account creation.
The accounts registered with the server API will not be in the account list of CommsEase console. Reasons:
The list provided by the background does not include all users. Therefore, developers can implement the client integration for no server development. Users can fast launch an account test at the management console and log in to the client to test.
Users who create an account by using an API are not in the management console. The setting is to ensure privacy and account security, avoiding disabling users and other misoperations.
Integrate existing stock accounts
If an application that has a large number of user accounts need to access CommsEase IM service. We recommend following the on-demand principle. In consideration of a possible considerable proportion of zombie users or inactive users in stock accounts, direct full input at immigration to CommsEase will generate unnecessary overhead. When a user first triggers CommsEase IM, the developer may check whether an accid is created for the user on CommsEase. If no accid is created, create an accid in the background as per the related process before login, in this way your users can create an account of CommsEase only when necessary. Users created on CommsEase are valid active users.
How can I create an account?
Test applications may create test users by logging in to the management console after the developer account is registered, or creating an account API based on the server file in the development manual. Online applications can only create an account using The API. For more information, see API Overview.
Why can't I create an account with the client SDK instead of a server?
CommsEase account system and application account system are bound together, and account creation in the application server can be effectively controlled. Any client of the application is at the risk of being cracked. If a CommsEase account can be created using the client, your application account may be hacked (Business competitors may provide similar client APIs, so that you can save a few lines of code in development, but your applications may be exposed to security risk);
Can I delete my CommsEase account? Can I select the accid as my app account?
You can not delete your CommsEase account. To ban the current account, you can deactivate the previous account with the server API. We allow developers to use uid or account as accid. However, we do not recommend doing so. We recommend using a random string or other strings that are not strongly associated with the application business as the accid, and maintaining the association between the business uid and the CommsEase accid in the application server.
- The account system of a user is safe. When using the CommsEase service, users have no risk of account leaks. Although we take reliable data security measures, we recommend improving your data security to allow us to provide better services.
- If a user needs to delete the CommsEase account, just unbind the relationship. If a user needs to reset the account status, just implement the same operation and rebind the relationship with a new accid.
Will the account I register with the server API display in the management console?
The account registered with the server API will not display in the management console.
- The list provided by the console does not include all users. Therefore, developers can implement the client integration for no server development. Users can fast launch an account test at the management console and log in to the client to test.
- Users who create an account by using an API are not in the management console. The setting is to ensure privacy and account security, avoiding disabling users and other misoperations.
- Account integration and login
- Manual login and automatic login
- Product form and login strategy
- User console account management
- Integrate existing stock accounts