First off, in order to send client events, you need an authorization endpoint. This is usually run on the server where your application is hosted. The javascript library expects the auth endpoint to be located at
http://yourapp.com/pusher/auth
Depending on the kind of server you're running, the way the auth endpoint is implemented will be different. Most major platforms have a Pusher server library already.
Granted, there are ways around having to use an auth endpoint. The only problem is that it requires that your client has access to the Pusher app secret key, which is not the best option security-wise.
You can check out an example of an auth endpoint for use on Google App Engine here.
Some more details on how the auth endpoint works:
It receives POST requests with the following keys:
socket_id , channel_id
The Pusher javascript library sends a POST request like this
example.com:80 POST /pusher/auth?socket_id=123456789&channel_id=private-channel
the response from the auth endpoint is in JSON and looks like this:
{"auth": "987654321:1234567890abcdef1234567890abcdef"}
where 987654321 is your Pusher Application ID and the rest is the HMAC-SHA256 hash of
the Pusher App Secret Key
, socket id
, and channel name
all concatenated together
This auth string is then used by the javascript Pusher library to subscribe to a private channel
Everything else in terms of communicating with Pusher is handled by the javascript library over websockets in the browser.