Messaging architecture
You can use Amazon Chime SDK messaging as a server-side and a client-side SDK. The server-side APIs create an AppInstance and AppInstanceUser. You can use various hooks and configurations to add application-specific business logic and validation. For more information about doing that, see Streaming messaging data. Additionally, server-side processes can call APIs on behalf of an AppInstanceUser, or control a dedicated AppInstanceUser that represents back-end processes.
Client-side applications represented as an AppInstanceUser can call the Amazon Chime SDK messaging APIs directly. Client-side applications use the WebSocket protocol to connect to the messaging SDK when they are online. When connected, they receive real-time messages from any channel that they are a member of. When disconnected, an AppInstanceUser still belongs to the channels it was added to, and it can load the message history of those channels by using the SDK's HTTP-based APIs.
Client-side applications have permissions to make API calls as a single AppInstanceUser. To scope IAM credentials to a single AppInstanceUser, client-side applications assume a parameterized IAM role via AWS Cognito Identity Pools, or by a small self-hosted back-end API. For more information about authentication, see Authenticating end-user client applications. In contrast, server-side applications typically have permissions tied to a single app instance user, such as a user with administrative permissions, or they have permissions to make API calls on behalf of all app instance users.
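One way the small self-hosted back end mentioned above could scope credentials, shown as an added example that is not AWS's own code: it builds the parameters for an STS AssumeRole call whose session policy names exactly one AppInstanceUser. The function names, the user ID format, the sample ARNs and the choice of three messaging actions are assumptions made for illustration.

```python
import json
import re

# Assumed format for application user IDs; tighten it to your own ID scheme.
USER_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.@-]{0,62}[A-Za-z0-9]")
APP_INSTANCE_ARN_RE = re.compile(
    r"arn:aws:chime:[a-z0-9-]+:\d{12}:app-instance/[0-9a-f-]{36}")


def scoped_assume_role_request(role_arn, app_instance_arn, user_id):
    """Build sts:AssumeRole keyword arguments limited to one AppInstanceUser."""
    # Reject anything that could widen the ARN: wildcards, '/', policy variables.
    if not USER_ID_RE.fullmatch(user_id):
        raise ValueError("user_id has characters this example does not allow")
    if not APP_INSTANCE_ARN_RE.fullmatch(app_instance_arn):
        raise ValueError("unexpected AppInstance ARN format")
    user_arn = f"{app_instance_arn}/user/{user_id}"
    # The session policy can only narrow what the role itself already allows.
    session_policy = {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["chime:GetMessagingSessionEndpoint"],
             "Resource": ["*"]},
            {"Effect": "Allow",
             "Action": ["chime:Connect", "chime:SendChannelMessage",
                        "chime:ListChannelMessages"],
             "Resource": [user_arn, f"{app_instance_arn}/channel/*"]},
        ],
    }
    return {
        "RoleArn": role_arn,
        "RoleSessionName": user_id,   # ties CloudTrail entries to the user
        "Policy": json.dumps(session_policy),
        "DurationSeconds": 900,       # shortest lifetime STS accepts
    }


def allowed_user_arns(request):
    """Return the AppInstanceUser ARNs that the session policy grants."""
    policy = json.loads(request["Policy"])
    return [r for s in policy["Statement"] for r in s["Resource"] if "/user/" in r]
```

The back end would pass the returned dictionary to `boto3.client("sts").assume_role(**request)` after authenticating the caller, and hand only the resulting temporary credentials to the client.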