Setup Authentication Server and Tokens
Why we use token based Authentication ?
Token based authentication allow users to verify their identity by providing generated API key and secrets.
- Your server will generate access token using your API key and secret
- Your client obtains token from your backend server.
- For token validation, client will pass this token to VideoSDK.
- VideoSDK server will only allow entry in meeting if the token is valid.
To begin working with the VideoSDK, you need to setup a server that can authenticate & validate your API key and secret which we generated in the previous step. Follow this Get your API key and Secret if you haven't generated API key and secret.
For server setup, you'll need the following APIs:
GETget-token : By providing API key and secret, this API will return accesstoken. We'll discuss in depth how to achieve it.
POSTcreate-meeting : By providing generated access token, this API will return dash(-) separated meetingId, for example abc-pqr-xyz.
POSTvalidate-meeting/:meetingId : By providing generated meetingId as a path parameter, this API will only validate the provided meetingId and return a
200 statusresponse. This API is for verification purpose only [OPTIONAL].
You can integrate this APIs in client side also but we will suggest to use it at server side for better security.
Generate Accees Token
To manage secured communication, every participant that connects to meeting needs a access token. By substituting
permissions in it.
Follow our official example repositories to setup token API and meeting API, videosdk-rtc-api-server-examples
Available permissions are:
- allow_join: The participant is allowed to join the meeting directly.
- ask_join: The participant requires to ask for permission to join the meeting.
- allow_mod: The participant is allowed to toggle webcam & mic of other participants.