Good catch! You’re the first person I know of to try and use the swagger-generated access token with the web socket endpoint. The only reason it doesn’t work is that we didn’t turn it on - but there’s no reason not to turn it on so we’ve just done that now. Try again with the token you generated (or generate another). You can also continue to use the dev key found in the docs.
Definitely not ideal - the web app API key is subject to change and/or being white-listed by referring domain (currently we’re only monitoring it, but not yet restricting it).
It actually has been implemented on the back-end, but we still don’t have the client tools live. We’re making steady progress with the “updated developer tools” promised so long ago, but we’re not quite there yet thanks to other priorities that keep getting in the way. We have a goal of launching those before we start shipping Tempest. And I know what you’re thinking… “a goal without a plan is just a wish!” Fortunately, we do have a plan as well!