---
source_url: https://www.pubnub.com/docs/general/resources/architecture
title: Architectural Choices
updated_at: 2026-05-18T12:48:26.450Z
---

> Documentation Index
> For a curated overview of PubNub documentation, see: https://www.pubnub.com/docs/llms.txt
> For the full list of all documentation pages, see: https://www.pubnub.com/docs/llms-full.txt


# Architectural Choices

PubNub provides resilient, real‑time messaging with very low latency. Choose patterns based on your use case to get the best results.

This guide highlights effective patterns and common anti‑patterns, with ways to correct them.

## Send messages

To send messages, call the [Publish API](https://www.pubnub.com/docs/general/messages/publish).

### Client-Server passthrough publish

![Client-Server Passthrough Publish](https://www.pubnub.com/assets/images/inefficient-client-server-passthrough-publish-n-7243dd30e323300e4d039070e9489707.png)

In this pattern, the client brokers messages through your server. It adds latency and creates a single point of failure. Nearby clients also miss sub‑30 ms round‑trip performance. Publish directly from the client to take full advantage of PubNub.

### Optimal client publish

![Optimal Client Publish](https://www.pubnub.com/assets/images/optimal-client-publish-n-a444ebdcf3e1bdc1106905fcd367f406.png)

The client publishes and subscribes directly. Global average latency is about 30 ms. Nearby clients often see sub‑30 ms. During poor connectivity, routing automatically fails over to the next accessible path. Use an authorization token that grants Publish on the data channel.

### Optimal client publish + synchronous server logic

![Optimal Client Publish + Synchronous Server Logic](https://www.pubnub.com/assets/images/optimal-client-publish-and-synchronous-server-logic-n-54dfdce53bab226d30eb0a7d99fc2c63.png)

When you need to have your server involved for business logic reasons or data copy reasons. This pattern shows you the best approach for integrating server-side logic with PubNub.

### Optimal client publish + asynchronous server logic

![Optimal Client Publish + Asynchronous Server Logic](https://www.pubnub.com/assets/images/optimal-client-publish-and-asynchronous-server-logic-n-d39aa3645c5b92b1ff292740f0283fff.png)

You may need to run business logic on JSON messages without adding latency. Create an `onAfter` event handler. It executes server logic on a copy of the message asynchronously while the original message is delivered to the device.

### Optimal client publish + HTTP call to third-party API server

![Optimal Client Publish + HTTP Call to Third-party API Server](https://www.pubnub.com/assets/images/optimal-client-publish-and-http-call-to-3rd-party-api-server-n-d4097b76db8ae406dafe991d0cbc79d8.png)

You can integrate third‑party APIs easily. Enable Functions `onBefore` or `onAfter` handlers on your data channels and call the external API from JavaScript.

Use the API response to augment the message inline, or save the original message to the third‑party system using an `onAfter` handler.

### Optimal server sent Events

![Optimal Server Sent Events](https://www.pubnub.com/assets/images/optimal-server-sent-events-n-568623e3119225568af2eaf6aa1c538b.png)

Server‑sent events are supported. Notify users when a long‑running task completes. If the event is client‑initiated, the client should publish directly. Send events from your server only for asynchronous tasks such as timers/cron, system events, or long‑running task status.

## Receive messages

### Proxy connection

![Proxy Connection](https://www.pubnub.com/assets/images/inefficient-proxy-connection-n-6434f53ec9656d42af9181664a52f92f.png)

A proxy‑in‑the‑middle can conflict with encryption and TCP connection duration policies. This can reduce performance and reliability for mobile connectivity.

### Optimal TCP connection to nearest point of presence

![Optimal TCP Connection to Nearest Point of Presence](https://www.pubnub.com/assets/images/optimal-tcp-connection-to-nearest-point-of-presence-n-551821f6a6a437ed58389405114a2b46.png)

Subscribe to a data channel to receive messages. Call the Subscribe API using the PubNub SDK. The mobile app opens a TCP connection to the nearest data center and keeps the connection open. When the app closes, the connection is cleared.

### Message data copy

You may want to copy messages to your own database for indexing or backup purposes.

#### Client-side forking doubles mobile traffic

![Client-side forking doubles mobile traffic](https://www.pubnub.com/assets/images/inefficient-forking-messages-doubles-mobile-traffic-n-e33dc8c8a55c526565a449096cd523e6.png)

Sending data directly from the client to your server is inefficient for copying data. Instead, publish to your local PubNub point of presence (PoP). Multiple PoPs provide fast, reliable connectivity.

#### Optimal event handler

![Optimal Nearest Point of Presence Event Handler](https://www.pubnub.com/assets/images/optimal-nearest-point-of-presence-event-handler-n-55f14ecaa4dd58d45794191420f8f629.png)

Use Functions to run lightweight JavaScript on the PubNub platform. Issue HTTP calls from JavaScript to POST the message body to your server. Use `onAfter` handlers to save messages to your database.

#### Optimal offline backup with Message Persistence

![Optimal Offline Backup with Message Persistence](https://www.pubnub.com/assets/images/optimal-offline-backup-with-storage-and-playback-n-24063940f6dc8e179e5a368047c413d3.png)

PubNub includes multi-datacenter replicated message persistence. Your messages are configurable to be indexed and stored across multiple PubNub PoPs. This allows you to fetch the history for a data channel on a periodic interval. You can download every message from your app via the Message Persistence paging API. After you have fetched your messages, you can save them to your database and process the messages as you need.

## Security

### Key exchange & rotation

When providing the phone app with API keys (`publish key`, `subscribe key`, `cipher key`) you should never hard-code those keys directly in your production app. You should enable [Access Manager](https://www.pubnub.com/docs/general/security/access-control) to add security to your PubNub environment.

Using Access Manager, your mobile app needs to authenticate itself by calling a secure endpoint with access credentials. To get them, the server needs to first make a grant call to PubNub and request a time-limited token with embedded permissions for the app. The app needs to include the received token in any subsequent request made to PubNub to access various resources (channels, channel groups, or User ID metadata) and perform operations at the access level defined in the token. For more details, read about the [authentication flow in Access Manager](https://www.pubnub.com/docs/general/security/access-control#authorization-flow).

:::note User ID / UUID
User ID is also referred to as **UUID/uuid** in some APIs and server responses but **holds the value** of the **userId** parameter you [set during initialization](https://www.pubnub.com/docs/general/setup/users-and-devices#set-the-user-id).
:::

#### Optimal client authenticates with your App server returning API keys

![Optimal Client Authenticates with your App Server returning API Keys](https://www.pubnub.com/assets/images/optimal-client-authenticates-with-your-app-server-returning-access-keys-n-9d0796affd38b33993a986c60255dbd9.png)

To authenticate and provide access to PubNub's network for your users, you need to provide them with PubNub's API keys and an access token. The client is able to perform the permitted activities, such as Read/Write/Admin/Manage, on PubNub resources depending on the permissions specified in the token.

This key and token exchange can happen after authentication. There are many ways to authenticate your clients, including having an API endpoint at your server. Functions endpoints offer this as well, as shown in the next example.

#### Optimal client authenticates with Functions endpoint giving API keys

![Optimal Client Authenticates with Functions endpoint giving API Keys](https://www.pubnub.com/assets/images/optimal-client-authenticates-with-blocks-endpoint-giving-access-keys-n-a082149708548e0d7a9e75645b2b6aea.png)

Using Functions endpoints, you can run your own lightweight JavaScript code on PubNub. This allows you to provide API keys to your client device programmatically. However, your client-side code or your server will need to call PubNub's grant API to get a token that your app can use to interact with PubNub resources.

#### Client app with hard-coded API keys

![Client app with hard-coded API keys](https://www.pubnub.com/assets/images/inefficient-client-app-has-hard-coded-api-access-keys-n-340a731796acc590b993f89f2065ffec.png)

When you hard code your API keys for access to PubNub, you'll put yourself in a security risk situation. You'll no longer have access to Key Rotation capabilities. It's not easy to implement your own Key Rotation. You'll be stuck in a multi-deploy multi-week work cycle in a process of Key Migration.

This is much more involved and it's better to avoid hard coding in general. If you don't have a web server, you can use Functions endpoints to store your API keys. The endpoint is accessible from your client device via HTTP POST. The endpoint will return access credentials to the client device including a Publish Key and a Subscribe Key. It can also return an access token if the endpoint is secured.

#### Client app with an embedded secret key

![Client app with an embedded secret key](https://www.pubnub.com/assets/images/inefficient-client-app-has-secret-key-embedded-n-5259b6d09bfa8cac23b39f1118165433.png)

The secret key should only be used within a secure server and never exposed to client devices. If the secret key is ever compromised, it can be an extreme security risk to your PubNub account keys. If you suspect your secret key has been compromised, you have the ability to regenerate a new secret key for the existing PubNub keys set.

:::note Regenerating the secret key
Contact [PubNub Support](https://support.pubnub.com/hc/en-us) for guidance before you regenerate a secret key for a production keyset. A Solution Architect will help you choose the best approach for your use case and requirements.
:::

## More design patterns

* Design Patterns for [Server Message Aggregation](https://www.pubnub.com/docs/general/resources/design-pattern-message-aggregation)
* Design Patterns for [Friend Lists and Status Feeds](https://www.pubnub.com/docs/general/resources/design-pattern-friend-list-status-feeds)