Quick Reference for AI Agents & Developers
// Check existing session
const user = await CometChat.getLoggedinUser();

// Login with Auth Key (development only)
CometChat.login("UID", "AUTH_KEY").then(user => console.log("Logged in:", user));

// Login with Auth Token (production)
CometChat.login("AUTH_TOKEN").then(user => console.log("Logged in:", user));

// Logout
CometChat.logout().then(() => console.log("Logged out"));
Create users via: Dashboard (testing) | REST API (production)
Test UIDs: cometchat-uid-1 through cometchat-uid-5

Create User

Before you log in a user, you must add the user to CometChat.
  1. For proof of concept/MVPs: Create the user using the CometChat Dashboard.
  2. For production apps: Use the CometChat Create User API to create the user when your user signs up in your app.

Authentication Flow

We have set up 5 users for testing with the UIDs cometchat-uid-1, cometchat-uid-2, cometchat-uid-3, cometchat-uid-4 and cometchat-uid-5.
Once initialization is successful, you will need to log the user into CometChat using the login() method. We recommend you call the CometChat login method once your user logs into your app. The login() method needs to be called only once.
The CometChat SDK maintains the session of the logged-in user within the SDK. Thus you do not need to call the login method for every session. You can use the CometChat.getLoggedinUser() method to check if there is any existing session in the SDK. This method should return the details of the logged-in user. If this method returns null, it implies there is no session present within the SDK and you need to log the user into CometChat.

Login using Auth Key

This straightforward authentication method is ideal for proof-of-concept (POC) development or during the early stages of application development. For production environments, however, we strongly recommend using an AuthToken instead of an Auth Key to ensure enhanced security.
Auth Key is for development/testing only. In production, generate Auth Tokens on your server using the REST API and pass them to the client. Never expose Auth Keys in production client code.
const UID = "UID";
const authKey = "AUTH_KEY";

CometChat.getLoggedinUser().then(
  (user) => {
    if (!user) {
      CometChat.login(UID, authKey).then(
        (user) => {
          console.log("Login Successful:", { user });
        },
        (error) => {
          console.log("Login failed with exception:", { error });
        }
      );
    }
  },
  (error) => {
    console.log("Something went wrong", error);
  }
);
Parameter    Description
UID          The UID of the user that you would like to log in
authKey      CometChat Auth Key

After the user logs in, their information is returned in the User object when the Promise resolves.

Login using Auth Token

This advanced authentication procedure keeps the Auth Key out of your client code, so the key is never exposed to end users.
  1. Create a User via the CometChat API when the user signs up in your app.
  2. Create an Auth Token via the CometChat API for the new user and save the token in your database.
  3. Load the Auth Token in your client and pass it to the login() method.
const authToken = "AUTH_TOKEN";

CometChat.getLoggedinUser().then(
  (user) => {
    if (!user) {
      CometChat.login(authToken).then(
        (user) => {
          console.log("Login Successful:", { user });
        },
        (error) => {
          console.log("Login failed with exception:", { error });
        }
      );
    }
  },
  (error) => {
    console.log("Something went wrong", error);
  }
);
Parameter    Description
authToken    Auth Token of the user you would like to log in

After the user logs in, their information is returned in the User object when the Promise resolves.

Logout

You can use the logout() method to log out the user from CometChat. We suggest you call this method once your user has been successfully logged out from your app.
CometChat.logout().then(
  () => {
    console.log("Logout completed successfully");
  },
  (error) => {
    console.log("Logout failed with exception:", { error });
  }
);

Best Practices

Before calling login(), use CometChat.getLoggedinUser() to check if a session already exists. This avoids unnecessary login calls and prevents session conflicts.
Auth Keys are convenient for development but expose your app to security risks in production. Always generate Auth Tokens server-side using the REST API and pass them to the client.
Auth Tokens can expire. Implement a mechanism to detect login failures due to expired tokens and re-generate them from your server. Use the Login Listener to detect session changes.
Always call CometChat.logout() when your user signs out of your app. This clears the SDK session and stops real-time event delivery, preventing stale data and memory leaks.
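
The session check and the expired-token advice above, combined with step 3 of the Auth Token flow, as an added example that is not part of the CometChat documentation or SDK. The names ensureChatSession, fetchToken and makeFakeChat are hypothetical, and the example assumes your backend can mint a new Auth Token on request; because this page lists no error codes, it retries once on any login failure rather than matching a specific expiry error.

```javascript
// Added example. ensureChatSession, fetchToken and makeFakeChat are
// hypothetical names; only getLoggedinUser() and login(authToken) are
// SDK calls shown on this page.

// chat: the CometChat object (or a stand-in exposing the same two methods).
// fetchToken({ forceNew }): asks YOUR backend for the signed-in user's Auth
// Token; forceNew=true means "mint a new one, the stored one was rejected".
async function ensureChatSession(chat, fetchToken, maxAttempts = 2) {
  // Reuse the session the SDK already holds instead of logging in again.
  const existing = await chat.getLoggedinUser();
  if (existing) return { user: existing, attempts: 0 };

  let lastError;
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const token = await fetchToken({ forceNew: attempt > 1 });
    try {
      const user = await chat.login(token);
      return { user, attempts: attempt };
    } catch (error) {
      // Keep the error for the caller; never log the token itself.
      lastError = error;
    }
  }
  // Bounded retries: surface the failure rather than looping on a bad token.
  throw lastError;
}

// Constructed stand-in for the SDK so the flow can be exercised offline.
function makeFakeChat(validToken, session = null) {
  return {
    getLoggedinUser: async () => session,
    login: async (token) => {
      if (token !== validToken) throw new Error("login rejected (constructed)");
      session = { uid: "cometchat-uid-1" };
      return session;
    },
  };
}
```

In an app, pass the real SDK object: ensureChatSession(CometChat, fetchToken), where fetchToken calls an authenticated endpoint on your own server so the Auth Key and REST API Key stay server-side.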

Troubleshooting

The user must be created in CometChat before they can log in. Create the user via the Dashboard (testing) or REST API (production) first.
Verify your Auth Key matches the one in your CometChat Dashboard → API & Auth Keys. Ensure you haven’t accidentally used the REST API Key instead.
Ensure CometChat.init() has been called and completed successfully before calling login(). Verify your App ID and Region are correct.
This can happen if the SDK session was not persisted. Ensure init() is called on every app load before checking getLoggedinUser(). The SDK stores session data in the browser — clearing browser storage will clear the session.
