Overview

Application level settings allow you to configure settings that impact all the channel types in your app. Our backend SDKs make it easy to change the app settings. You can also change most of these using the CLI or the dashboard. Here’s an example on changing the disable_auth_checks setting:

// disable auth checks, allows dev token usage
await client.updateAppSettings({
  disable_auth_checks: true,
});

// re-enable auth checks
await client.updateAppSettings({
  disable_auth_checks: false,
});

# disable auth checks, allows dev token usage
client.update_app_settings(disable_auth_checks=True)

# re-enable auth checks
client.update_app_settings(disable_auth_checks=False)

// disable auth checks, allows dev token usage
$update = $client->updateAppSettings([
	'disable_auth_checks' => true
]);

// re-enable auth checks
$update = $client->updateAppSettings([
	'disable_auth_checks' => false
]);

// disable auth checks, allows dev token usage
	settings := NewAppSettings().SetDisableAuth(true)
	err = client.UpdateAppSettings(settings)
	if err != nil {
		log.Fatalf("Err: %v", err)
	}

	// re-enable auth checks
	err = client.UpdateAppSettings(NewAppSettings().SetDisableAuth(false))
	if err != nil {
		log.Fatalf("Err: %v", err)
	}

# require 'stream-chat'

# disable auth checks, allows dev token usage
client.update_app_settings({ 'disable_auth_checks' => true })

# re-enable auth checks
client.update_app_settings({ 'disable_auth_checks' => false })

await appClient.UpdateAppSettingsAsync(new AppSettingsRequest
{
  DisableAuth = true,
});

// re-enable auth checks
await appClient.UpdateAppSettingsAsync(new AppSettingsRequest
{
  DisableAuth = false,
});

// disable auth checks, allows dev token usage
App.update().disableAuthChecks(true).request();

// re-enable auth checks
App.update().disableAuthChecks(false).request();

// This is a server-side only feature, choose any of our server-side SDKs to use it

A full overview of available settings can be found below:

Permissions

The following app settings allow you to control how permissions work for your app:

NAME	DESCRIPTION	DEFAULT
disable_auth_checks	Disabled authentication. Convenient during testing and allows you to use devTokens on the client side. Should not be used in production.	false
disable_permissions_checks	Gives all users full permissions to edit messages, delete them etc. Again not recommended in a production setting, only useful for development.	false

Push

NAME	DESCRIPTION	DEFAULT
apn_config	APN config object. See details.
firebase_config	Firebase config object. See details.
huawei_config	Huawei config object. See details.
xiaomi_config	Xiaomi config object. See details.
push_config	Global config object. See details.

CDN

NAME	DESCRIPTION	DEFAULT
cdn_expiration_seconds	CDN URL expiration time. See details.	1209600 (14 days)

Hooks

Stream is gradually rolling out a new multi-event hooks system. If you receive an error about hook configuration, please refer to the Multi-Event Hooks documentation for the new configuration method.

Hooks enable you to listen to changes in chat. You can use either webhooks or SQS.

NAME	DESCRIPTION	DEFAULT
webhook_url	This webhook is useful when you want your server application to receive all important events happening in the Stream Chat	-
custom_action_handler_url	This webhook reacts to custom /slash commands and actions on those commands/	-
before_message_send_hook_url	This webhook allows you to modify or moderate message content before sending it to the chat for everyone to see	-
sqs_url	Your SQS url	-
sqs_key	The key for SQS queue	-
sqs_secret	The secret for your SQS queue	-

Features

The following settings allow you to control features of your application:

NAME	DESCRIPTION	DEFAULT
user_response_time_enabled	If enabled, tracks and exposes user response time metrics for messages in your app. Once enabled, the `avg_response_time` field will be shown in the user response.	false

Moderation & Translation

The following settings allow you to control moderation for your chat:

NAME	DESCRIPTION	DEFAULT
image_moderation_labels	Moderation scores returned from the external image moderation API	-
image_moderation_enabled	If image moderation AI should be turned on	-
enforce_unique_usernames	If Stream should enforce username uniqueness. This prevents people from joining the chat as “elonmusk” while “elonmusk” is presenting.	-
auto_translation_enabled	If Stream should automatically translate messages	-
async_url_enrich_enabled	If url enrichment should be done async. It will trigger message.updated event	-

File Uploads

You can set restrictions on file uploads by including a file_upload_config object. You can set either an inclusive list using allowed_file_extensions and allowed_mime_types or an exclusive list using blocked_file_extensions and blocked_mime_types .

The file_upload_config object accepts the following fields:

NAME	DESCRIPTION	Example	Default
allowed_file_extensions	An array of file types that the user can submit. Files with an extension that does not match the values in this array will be rejected.	[“.tar”, “.png”, “.jpg”]	-
blocked_file_extensions	An array of file types that the user can submit. Files with an extension that does not match the values in this array will be rejected.	[“.tar”, “.png”, “.jpg”]	-
allowed_mime_types	An array of file MIME types that the user can submit. Files with an MIME type that does not match the values in this array will be rejected. Must follow the type/ subtype pattern.	[“text/css”, “text/plain”, “image/png”]	-
blocked_mime_types	An array of file types that the user can submit. Files with an MIME type that does not match the values in this array will be rejected. Must follow the type/ subtype pattern.	[“text/css”, “text/plain”, “image/png”]	-
size_limit	A number that represents the maximum accepted file size in bytes. In case its 0 the default maximum is used.	10485760	0

For example, the following code shows how to block all attempts to upload any files that are not .csv:

// Only accept .CSV files
await client.updateAppSettings({
  file_upload_config: {
   allowed_file_extensions: [".csv"],
   allowed_mime_types: ["text/csv"]
});

# Only accept .CSV files

client.update_app_settings({
  "file_upload_config": {
   "allowed_file_extensions": [".csv"],
   "allowed_mime_types": ["text/csv"],
}})

$settings = ["file_upload_config" => [
  "allowed_file_extensions" => [".csv"],
  "allowed_mime_types" => ["text/csv"]
 ]
]
client->updateAppSettings($settings);

settings := &AppSettings{FileUploadConfig: &FileUploadConfig{
	AllowedFileExtensions: []string{".csv"},
	AllowedMimeTypes:   []string{"text/csv"},
}}

resp, err = client.UpdateAppSettings(ctx, settings)

client.update_app_settings({
 'file_upload_config' => {
  'allowed_file_extensions' => ['.csv'],
  'allowed_mime_types' => ['text/csv']
 }
})

await appClient.UpdateAppSettingsAsync(new AppSettingsRequest
{
  FileUploadConfig = new FileUploadConfig
  {
    AllowedFileExtensions = new List<string> { ".csv" },
    AllowedMimeTypes = new List<string> { "text/csv" },
  },
});

var cfg = App.FileUploadConfigRequestObject
 .builder()
 .allowedFileExtensions(List.of(".csv"))
 .allowedMimeTypes("text/csv")
 .build();

App.update().fileUploadConfig(cfg).request();

// This is a server-side only feature, choose any of our server-side SDKs to use it

Image Uploads

You can set restrictions on file uploads by including an image_upload_config object. You can set either an inclusive list using allowed_file_extensions and allowed_mime_types or an exclusive list using blocked_file_extensions and blocked_mime_types .

The image_upload_config object accepts the following fields:

NAME	DESCRIPTION	Example	Default
allowed_file_extensions	An array of file types that the user can submit. Files with an extension that does not match the values in this array will be rejected.	[“.gif”, “.png”, “.jpg”]	-
blocked_file_extensions	An array of file types that the user can submit. Files with an extension that does not match the values in this array will be rejected.	[“.tar”, “.tiff”, “.jpg”]	-
allowed_mime_types	An array of file MIME types that the user can submit. Files with an MIME type that does not match the values in this array will be rejected. Must follow the type/ subtype pattern.	[“image/jpeg”, “image/svg+xml”, “image/png”]	-
blocked_mime_types	An array of file types that the user can submit. Files with an MIME type that does not match the values in this array will be rejected. Must follow the type/ subtype pattern.	[“text/css”, “text/plain”, “image/tiff”]	-
size_limit	A number that represents the maximum accepted file size in bytes. In case its 0 the default maximum is used.	10485760	0

For example, the following code shows how to block all attempts to upload any files that are not gif, jpeg, or png files:

// Only accept gif, jpeg, or png files.
await client.updateAppSettings({
  image_upload_config: {
   allowed_file_extensions: [".gif", ".jpeg", ".png"],
   allowed_mime_types: ["image/gif", "image/jpeg", "image/png"]
});

# Only accept gif, jpeg, or png files.

client.update_app_settings({
  "image_upload_config": {
   "allowed_file_extensions": [".gif", ".jpeg", ".png"],
   "allowed_mime_types": ["image/gif", "image/jpeg", "image/png"],
}})

$settings = ["image_upload_config" => [
  "allowed_file_extensions" => [".gif", ".jpeg", ".png"],
  "allowed_mime_types" => ["image/gif", "image/jpeg", "image/png"]
 ]
]
client->updateAppSettings($settings);

settings := &AppSettings{ImageUploadConfig: &FileUploadConfig{
	AllowedFileExtensions: []string{".gif", ".jpeg", ".png"},
	AllowedMimeTypes:   []string{"image/gif", "image/jpeg", "image/png"},
}}

resp, err = client.UpdateAppSettings(ctx, settings)

client.update_app_settings({
 'file_upload_config' => {
  'allowed_file_extensions' => ['.gif', '.jpeg', '.png'],
  'allowed_mime_types' => ['image/gif', 'image/jpeg', 'image/png']
 }
})

await appClient.UpdateAppSettingsAsync(new AppSettingsRequest
{
  ImageUploadConfig = new FileUploadConfig
  {
    AllowedFileExtensions = new List<string> { ".gif", ".jpeg", ".png" },
    AllowedMimeTypes = new List<string> { "image/gif", "image/jpeg", "image/png" },
  },
});

var cfg = App.FileUploadConfigRequestObject
 .builder()
 .allowedFileExtensions(List.of(".gif", ".jpeg", ".png"))
 .allowedMimeTypes("image/gif", "image/jpeg", "image/png")
 .build();

App.update().imageUploadConfig(cfg).request();

// This is a server-side only feature, choose any of our server-side SDKs to use it

Stream allowed types for images are: image/bmp, image/gif, image/jpeg, image/png, image/webp, image/heic, image/heic-sequence, image/heif, image/heif-sequence, image/svg+xml. Applications can set a more restrictive list, but would not be allowed to set a less restrictive list.

Stream API and client integration

Multi-region Support