Locations
Users logged into the same Document ID can see each other’sPresence
, Cursors
, Comments
etc.
However, if you want to add another layer of categorization to organize users together, you can use Location.
If a Document is like a house, a Location is like a room within the house.
Locations
, check out its dedicated section here.
Contacts
When you reply to a comment, you can@mention
other teammates that are added to a User's Contacts List
.
To learn more about creating a User's Contacts List
, read here.
JWT Authentication Tokens
For enhanced security, you can use JWT tokens to authenticate users instead of passing user data directly in the client-side code. This provides an additional layer of security by verifying user identity on the server side. To learn more, see the JWT Tokens page.Access control roles (Editor/Viewer): You can assign a user’s role per resource (organization, folder, document) in the token permissions or via backend access APIs. Editors can create/edit collaboration data (e.g., comments); Viewers are read-only. See Access Control, Generate Token, Add Permissions, and Add/Update Users.
Critical JWT Token Requirements:
- JWT tokens must be generated server-side using your auth token from the Velt Console
- Never expose JWT tokens or auth tokens in client-side code
- Tokens expire after 48 hours and need to be refreshed
- Include the JWT token in the
authToken
field when callingidentify()
Step 1: Enable JWT Tokens in Console
First, enable JWT tokens in your Velt Console:- Go to console.velt.dev
- Enable the toggle for
Require JWT Token
(listed at the bottom of the page)
JWT tokens won’t work unless you enable this setting in your console.
Step 2: Generate Auth Token
You need an auth token to generate JWT tokens. You can generate this from the Auth Token section in your Velt Console dashboard.
Store auth tokens securely on your server-side environment and never expose them in client-side code.
Auth tokens are long-lived and should be rotated periodically for security best practices.
Step 3: Create Server Endpoint for JWT Token Generation
Create a server endpoint that generates and serves JWT tokens to your client. See our generate_token API call for more information.Token Refresh
JWT tokens expire after 48 hours from generation. Handle token expiration by subscribing to the error event and refreshing tokens when needed:If you configured an Auth Provider on
VeltProvider
, token refresh is handled automatically. If you authenticate using the identify() method instead, you must listen for token_expired
and re-authenticate with a fresh token as shown below.Security Benefits of JWT Tokens:
- Server-side validation of user identity
- Protection against client-side data manipulation
- Secure user authentication without exposing sensitive data
- Token expiration for enhanced security
Access the Velt Client
Access the core Velt client instance to call SDK APIs and subscribe to core events.Client Event Subscriptions
Event | Description | Event Object |
---|---|---|
initUpdate | Initialization lifecycle updates (documents/locations set/unset, user init) | InitUpdateEvent |
userUpdate | Fired when the Velt user changes (login, logout, or update) | UserUpdateEvent |
documentInit | Document initialization status changes | DocumentInitEvent |
error | Error events (e.g., token_expired) | ErrorEvent |
veltButtonClick | Fired when a Velt Button is clicked | VeltButtonClickEvent |
Usage
- Use the React hook
useVeltClient()
inside components rendered underVeltProvider
. - The client is available after initialization. In HTML/vanilla, call
Velt.init()
first. - Always unsubscribe from event subscriptions to avoid memory leaks.