This article will explain how to set up Feed Groups that are private to selected users using the Stream Feeds API and your server.
Permissions With Feeds
By default, there are three types of Feed permissions that are implemented for fetching Feed data with client-side authentication. To learn more about this
The issue with Private Groups and Client-side Authentication
The issue that you may have identified is that our API is not able to create groups of users who have access to a Feed. So this is where an additional check from your own database will be required, and the logic for fetching feed content for private groups, will need to be abstracted to your server.
The Recommended Approach
In this recommended approach, the client-side device fetches feed information for private and public feeds by interacting directly with the Stream API. However, for private groups, there needs to be some logic with your server so you are able to only serve content to those who should have access to it.
*Client-side authentication is the App_key and a JSON Web Token (JWT) signed with the user_id and created using the App_key and Secret);
const client = stream.connect(app_key, JWT);
**Server-side authentication is primarily used from your server (trusted environment) and is the App_key and Secret.
const client = stream.connect(app_key, secret);