Thanks for clearing up the realtime server situation, for some reason it won't show up in chrome developer tools no matter how I filter it. If I could make a suggestion, it would be very helpful for compatibility if you kept the ggs_host field in /ui/config, so that existing applications know where to look.
And for the password, does this mean I should use the same auth API as before, and just send the main website password in place of the app specific one? The oauth2/access_token API is returning not found.
edit: got chrome tools to see it, not sure what I did wrong before