Skip to content
PushGo

Authentication

To ensure the security of your notifications, the PushGo Gateway uses Bearer Token authentication for all API requests.

How it works

Section titled “How it works”

Every request must include an Authorization header with your secret token.

Authorization: Bearer YOUR_SECRET_TOKEN

Constraints

Section titled “Constraints”
  • Header Key: Authorization (case-insensitive in some environments, but Authorization is standard).
  • Token Type: Bearer.
  • Token Length: Maximum 4096 characters.

Configuration

Section titled “Configuration”

If you are using the Public Gateway

Section titled “If you are using the Public Gateway”

The public gateway may have specific token generation rules via the app. (Currently in transition).

If you are Self-Hosting

Section titled “If you are Self-Hosting”

You define the token in your gateway’s environment variables or configuration file:

Terminal window
# Example environment variable
AUTH_TOKEN=my_super_secret_token_123

Security Best Practices

Section titled “Security Best Practices”
  • Never share your token in public repositories or client-side code (e.g., frontend JavaScript).
  • Use HTTPS to ensure your token is encrypted during transit.
  • Rotate your token periodically if you suspect it has been compromised.