Authentication and Initialization
This article provides an introduction to Ditto's methods for authentication, as well as step‑by‑step instructions on how to use the online playground authentication mode to initialize Ditto and start prototyping for hybrid online‑offline sync:
Ditto's security relies on digital identities for peer-to-peer authentication and access control permissions and privileges. Each instance of Ditto running in your app must prove its identity to other peers before it is allowed to sync.
The following table provides an overview of authentication in Ditto:
You're ready to explore and test realtime sync capabilities without the commitment using either a demo app or your own development app. (See Try On Ditto: Online Playground)
¹Do not use the online playground identity for production-level apps.
The online playground is intended for testing and experimentation purposes only. Deploying playground certificates to a live environment could lead to vulnerabilities and security risks.
Using Ditto's online playground identity, you can sync with other peers that share the same app ID and read and write to collections without the hassle of needing to set up your own authentication.
Each instance of Ditto running in your app is assigned a random universally unique identifier (UUID), which is the string of alphanumeric characters that identify your app across Ditto, as well as all other systems and environments.
The online playground is an authentication mode that allows you to explore platform features and functionality without the hassle of setting up your own authentication mechanism.
Before you can sync offline, you must first connect to the internet to retrieve your playground certificate.
Unless you have a specialized use case, such as a government app, you must connect to the internet at least once before you can sync offline with other peers.
For more information, see Authentication.
The playground certificate is an X.509-formatted certificate generated automatically by the Big Peer when a network connection is available. Once you've obtained your playground certificate from the Big Peer, you can go offline and sync with unrestricted platform access for a maximum of one week — reading and writing to all collections and establishing connections with all peers sharing the same app ID.
After one week, however, your playground certificate expires and you lose access to the platform, requiring you to reconnect to the internet so the Big Peer can automatically generate a new playground certificate.
To explore Ditto without the commitment, authenticate using the playground identity:
From the portal, create an app and get your access credentials. For instructions, see Onboarding:
Your access credentials consist of an app ID and playground token:
- The app ID is a unique identifier that Ditto uses to recognize your app:
- The Big Peer uses the app ID to identify your app before issuing your playground certificate.
- Peers that share the same app ID will automatically form a mesh network, using any transports available on their respective devices. For more information, see Platform Manual > Transports.
- The playground token is a passphrase that Small Peers use to authenticate your digital identity with the Big Peer. Once authenticated, the Big Peer issues a unique JSON Web Token (JWT) to establish and ensure persistence of connection between Small Peers and the Big Peer. As long as the playground token remains active, your connection persists.
In the top-most scope of the codebase of your app, set up and initialize Ditto and configure your app to use the online playground for testing.