Authentication
ApiRTC APIs accept several authentication mechanisms
Anonymous user
Anonymous/unidentified users can use ApiRTC library through your apiKey only.
// Declare a new anonymous UserAgent
// - be mindful of the uri starting by 'apiKey:"
var ua = new apiRTC.UserAgent({uri: 'apiKey:#HERE_YOUR_APIKEY#' });
ua.register({cloudUrl: 'https://cloud.apirtc.com'})
.then( session => {...});
Authentication via login/password
ApiRTC library and REST APIs supports login/password authentication.
However, for any frontend implementation, we recommend to use a JWT to avoid leaking your identifiers publicly.
// Declare a UserAgent pointing to an existing ApiRTC user account
// - be mindful of the uri starting by 'apirtc:"
var ua = new apiRTC.UserAgent({uri: 'apirtc:#your.login.apirtc@email.com#' });
//Pass your password when registering
ua.register({cloudUrl: 'https://cloud.apirtc.com', password: '#YOUR_PASSWORD_HERE#'})
.then( session => {...});
Authenticate with a JWT token
ApiRTC library is accepting JWT authentication, whether the token is emitted:
by the ApiRTC platform through the authentication endpoint,
or by any external authentication server that respect the JWT standard.
// Declare a new anonymous-like UserAgent
// - be mindful of the uri starting by 'apiKey:"
var ua = new apiRTC.UserAgent({uri: 'apiKey:#HERE_YOUR_APIKEY#' });
//When registering,
ua.register(
{cloudUrl: 'https://cloud.apirtc.com',
id: '#USER_ID#',
token: "#JWT_STRING_HERE#"})
.then( session => {...});
More about the JWT authentication
The authentication call-flow is illustrated below:
How to forge a JWT
To understand the JWT format, here is a code sample using the jsonwebtoken authentication module:
jsonwebtoken.sign({
grants: {
apiRTC_UserAgent_Id: '#YOUR_USER_ID#'
}
},
'#YOUR_SECRET_HERE#',
{
header: {
typ: 'JWT'
},
algorithm: 'HS256',
subject: '#YOUR APIKEY_HERE#',
audience: 'apiRTC',
expiresIn: 3600,
jwtid: uuidv4()
});
#YOUR_USER_ID#
is the user identifier used in the external user management system,#YOUR_SECRET_HERE#
is a secret key that you get from the ApiRTC authentication configuration interface,#YOUR APIKEY_HERE#
is an apiKey you get from the ApiRTC console.
Continue reading about JWT Authentication
Last updated