Skip to main content

Overview

PalanK’s local API does not require authentication tokens. Security is enforced through:
  1. Local-only connections: Only 127.0.0.1 and localhost are allowed
  2. Session-based: Each browser tab attachment creates a unique session

Sessions

Session Creation

When the Chrome extension attaches to a tab, a session is automatically created:

Using Session IDs

Include the sessionId in commands to target specific tabs:

Session Termination

When a tab is detached or closed:

Connection Lifecycle

Handshake

Keepalive

The Gateway sends periodic ping messages. Respond with pong:
Failure to respond to ping messages may result in connection termination.

Multiple Tabs

You can work with multiple tabs simultaneously:

Error Handling

No Active Session

Solution: Ensure the Chrome extension is attached to a tab before sending commands.

Invalid Session ID

Solution: Use a valid session ID from a Target.attachedToTarget event.

Connection Lost

If the WebSocket disconnects:
  1. All pending commands will fail
  2. Tabs remain attached in Chrome
  3. Reconnect to resume operations

Best Practices

Track Sessions

Maintain a list of active session IDs from attach/detach events

Handle Disconnects

Implement reconnection logic for robustness

Default Session

Without sessionId, commands go to the first attached tab

Clean Up

Handle detach events to remove stale sessions