API Reference - Liveblocks REST API

This endpoint lets your application server (your back end) obtain a token that one of its clients (your frontend) can use to enter a Liveblocks room. You use this endpoint to implement your own application’s custom authentication endpoint. When making this request, you’ll have to use your secret key.

Important: The difference with an ID token is that an access token holds all the permissions, and is the source of truth. With ID tokens, permissions are set in the Liveblocks back end (through REST API calls) and "checked at the door" every time they are used to enter a room.

Note: When using the @liveblocks/node package, you can use Liveblocks.prepareSession in your back end to build this request.

You can pass the property userId in the request’s body. This can be whatever internal identifier you use for your user accounts as long as it uniquely identifies an account. The property userId is used by Liveblocks to calculate your account’s Monthly Active Users. One unique userId corresponds to one MAU.

Additionally, you can set custom metadata to the token, which will be publicly accessible by other clients through the user.info property. This is useful for storing static data like avatar images or the user’s display name.

Lastly, you’ll specify the exact permissions to give to the user using the permissions field. This is done in an object where the keys are room names, or room name patterns (ending in a *), and a list of permissions to assign the user for any room that matches that name exactly (or starts with the pattern’s prefix). For tips, see Manage permissions with access tokens.

This endpoint lets your application server (your back end) obtain a token that one of its clients (your frontend) can use to enter a Liveblocks room. You use this endpoint to implement your own application’s custom authentication endpoint. When using this endpoint to obtain ID tokens, you should manage your permissions by assigning user and/or group permissions to rooms explicitly, see our Manage permissions with ID tokens section.

Important: The difference with an access token is that an ID token doesn’t hold any permissions itself. With ID tokens, permissions are set in the Liveblocks back end (through REST API calls) and "checked at the door" every time they are used to enter a room. With access tokens, all permissions are set in the token itself, and thus controlled from your back end entirely.

Note: When using the @liveblocks/node package, you can use Liveblocks.identifyUser in your back end to build this request.

You can pass the property userId in the request’s body. This can be whatever internal identifier you use for your user accounts as long as it uniquely identifies an account. The property userId is used by Liveblocks to calculate your account’s Monthly Active Users. One unique userId corresponds to one MAU.

If you want to use group permissions, you can also declare which groupIds this user belongs to. The group ID values are yours, but they will have to match the group IDs you assign permissions to when assigning permissions to rooms, see Manage permissions with ID tokens).

Additionally, you can set custom metadata to the token, which will be publicly accessible by other clients through the user.info property. This is useful for storing static data like avatar images or the user’s display name.

This endpoint returns a list of your rooms. The rooms are returned sorted by creation date, from newest to oldest. You can filter rooms by metadata, users accesses and groups accesses. Corresponds to liveblocks.getRooms.

There is a pagination system where the next page URL is returned in the response as nextPage. You can also paginate by using nextCursor in combination with startingAfter. You can also limit the number of rooms by query.

Filtering by metadata works by giving key values like metadata.color=red. Of course you can combine multiple metadata clauses to refine the response like metadata.color=red&metadata.type=text. Notice here the operator AND is applied between each clauses.

Filtering by groups or userId works by giving a list of groups like groupIds=marketing,GZo7tQ,product or/and a userId like userId=user1. Notice here the operator OR is applied between each groupIds and the userId.

This endpoint creates a new room. id and defaultAccesses are required. Corresponds to liveblocks.createRoom.

• defaultAccessess could be [] or ["room:write"] (private or public).
• metadata could be key/value as string or string[]. metadata supports maximum 50 entries. Key length has a limit of 40 characters maximum. Value length has a limit of 256 characters maximum. metadata is optional field.
• usersAccesses could be [] or ["room:write"] for every records. usersAccesses can contain 100 ids maximum. Id length has a limit of 40 characters. usersAccesses is optional field.
• groupsAccesses are optional fields.

This endpoint returns a room by its ID. Corresponds to liveblocks.getRoom.

This endpoint updates specific properties of a room. Corresponds to liveblocks.updateRoom.

It’s not necessary to provide the entire room’s information. Setting a property to null means to delete this property. For example, if you want to remove access to a specific user without losing other users: { "usersAccesses": { "john": null } } defaultAccessess, metadata, usersAccesses, groupsAccesses can be updated.

• defaultAccessess could be [] or ["room:write"] (private or public).
• metadata could be key/value as string or string[]. metadata supports maximum 50 entries. Key length has a limit of 40 characters maximum. Value length has a limit of 256 characters maximum. metadata is optional field.
• usersAccesses could be [] or ["room:write"] for every records. usersAccesses can contain 100 ids maximum. Id length has a limit of 256 characters. usersAccesses is optional field.
• groupsAccesses could be [] or ["room:write"] for every records. groupsAccesses can contain 100 ids maximum. Id length has a limit of 256 characters. groupsAccesses is optional field.

This endpoint deletes a room. A deleted room is no longer accessible from the API or the dashboard and it cannot be restored. Corresponds to liveblocks.deleteRoom.

This endpoint permanently updates the room’s ID.

This endpoint returns a list of users currently present in the requested room. Corresponds to liveblocks.getActiveUsers.

For optimal performance, we recommend calling this endpoint no more than once every 10 seconds. Duplicates can occur if a user is in the requested room with multiple browser tabs opened.

This endpoint enables the broadcast of an event to a room without having to connect to it via the client from @liveblocks/client. It takes any valid JSON as a request body. The connectionId passed to event listeners is -1 when using this API. Corresponds to liveblocks.broadcastEvent.

Returns the contents of the room’s Storage tree. Corresponds to liveblocks.getStorageDocument.

The default outputted format is called “plain LSON”, which includes information on the Live data structures in the tree. These nodes show up in the output as objects with two properties, for example:

{  "liveblocksType": "LiveObject",  "data": ...}

If you’re not interested in this information, you can use the simpler ?format=json query param, see below.

This endpoint initializes a room’s Storage. The room must already exist and have an empty Storage. Calling this endpoint will disconnect all users from the room if there are any. Corresponds to liveblocks.initializeStorageDocument.

The format of the request body is the same as what’s returned by the get Storage endpoint.

For each Liveblocks data structure that you want to create, you need a JSON element having two properties:

• "liveblocksType" => "LiveObject" | "LiveList" | "LiveMap"
• "data" => contains the nested data structures (children) and data.

The root’s type can only be LiveObject.

A utility function, toPlainLson is included in @liveblocks/client from 1.0.9 to help convert LiveObject, LiveList, and LiveMap to the structure expected by the endpoint.

This endpoint deletes all of the room’s Storage data. Calling this endpoint will disconnect all users from the room if there are any. Corresponds to liveblocks.deleteStorageDocument.

This endpoint returns a JSON representation of the room’s Yjs document. Corresponds to liveblocks.getYjsDocument.

This endpoint is used to send a Yjs binary update to the room’s Yjs document. You can use this endpoint to initialize Yjs data for the room or to update the room’s Yjs document. To send an update to a subdocument instead of the main document, pass its guid. Corresponds to liveblocks.sendYjsBinaryUpdate.

The update is typically obtained by calling Y.encodeStateAsUpdate(doc). See the Yjs documentation for more details. When manually making this HTTP call, set the HTTP header Content-Type to application/octet-stream, and send the binary update (a Uint8Array) in the body of the HTTP request. This endpoint does not accept JSON, unlike most other endpoints.

This endpoint returns the room’s Yjs document encoded as a single binary update. This can be used by Y.applyUpdate(responseBody) to get a copy of the document in your back end. See Yjs documentation for more information on working with updates. To return a subdocument instead of the main document, pass its guid. Corresponds to liveblocks.getYjsDocumentAsBinaryUpdate.

This endpoint creates a new schema which can be referenced later to enforce a room’s Storage data structure. Corresponds to liveblocks.createSchema.

The schema consists of a name (for referencing it), and a body, which specifies the exact allowed shape of data in the room. This body is a multi-line string written in the Liveblocks schema syntax.

This endpoint retrieves a schema by its ID. The ID is a combination of the schema name and version. For example, my-schema@1. Corresponds to liveblocks.getSchema.

This endpoint updates the body for the schema. A schema can only be updated if it is not used by any room. Corresponds to liveblocks.updateSchema.

This endpoint deletes a schema by its ID. The ID is a combination of the schema name and version. For example, my-schema@1. A schema can only be deleted if it is not attached to a room. Corresponds to liveblocks.deleteSchema.

This endpoint retrieves the schema attached to a room. Corresponds to liveblocks.getSchemaByRoomId.

This endpoint attaches a schema to a room, and instantly enables runtime schema validation for the room. Corresponds to liveblocks.attachSchemaToRoom.

If the current contents of the room’s Storage do not match the schema, attaching will fail and the error message will give details on why the schema failed to attach.

This endpoint detaches the schema from a room. Corresponds to liveblocks.detachSchemaFromRoom.

This endpoint returns the threads in the requested room. Corresponds to liveblocks.getThreads.

This endpoint creates a new thread and the first comment in the thread. Corresponds to liveblocks.createThread.

A comment’s body is an array of paragraphs, each containing child nodes. Here’s an example of how to construct a comment’s body, which can be submitted under comment.body.

"version": 1,"content": [  {    "type": "paragraph",    "children": [{ "text": "Hello " }, { "text": "world", "bold": true }]  }]

This endpoint returns a thread by its ID. Corresponds to liveblocks.getThread.

This endpoint returns the list of thread participants. It is a list of unique user IDs representing all the thread comment authors and mentioned users in comments. Corresponds to liveblocks.getThreadParticipants.

This endpoint edits the metadata of a thread. The metadata is a JSON object that can be used to store any information you want about the thread, in string, number, or boolean form. Set a property to null to remove it. Corresponds to liveblocks.editThreadMetadata.

This endpoint creates a new comment, adding it as a reply to a thread. Corresponds to liveblocks.createComment.

A comment’s body is an array of paragraphs, each containing child nodes. Here’s an example of how to construct a comment’s body, which can be submitted under body.

"version": 1,"content": [  {    "type": "paragraph",    "children": [{ "text": "Hello " }, { "text": "world", "bold": true }]  }]

This endpoint returns a comment by its ID. Corresponds to liveblocks.getComment.

This endpoint edits the specified comment. Corresponds to liveblocks.editComment.

A comment’s body is an array of paragraphs, each containing child nodes. Here’s an example of how to construct a comment’s body, which can be submitted under body.

"version": 1,"content": [  {    "type": "paragraph",    "children": [{ "text": "Hello " }, { "text": "world", "bold": true }]  }]

This endpoint deletes a comment. A deleted comment is no longer accessible from the API or the dashboard and it cannot be restored. Corresponds to liveblocks.deleteComment.

This endpoint adds a reaction to a comment. Corresponds to liveblocks.addCommentReaction.

This endpoint removes a comment reaction. A deleted comment reaction is no longer accessible from the API or the dashboard and it cannot be restored. Corresponds to liveblocks.removeCommentReaction.

This endpoint returns a user’s inbox notification by its ID. Corresponds to liveblocks.getInboxNotification.