Learn about the authentication mechanisms supported by ApiRTC.

ApiRTC's different APIs accept different authentication mechanisms.

Frontend Application API

The frontend API can authenticate with ApiRTC's user management, or with external user management.

ApiRTC user management

ApiRTC user management supports login/password authentication.

In case of external user management, JSON Web token authentication is supported by ApiRTC platform.

External user management : JWT

JSON Web token is an open standard open_in_new defining a compact and self-contained way for securely transmitting information between parties as a JSON object.

This information can be verified and trusted because it is digitally signed. When tokens are signed are signed using private/public key pairs, the signature also certifies that only the party holding the private key is the one that signed it.

JSON Web token are a way for you to authenticate your users in the ApiRTC platform without sharing any end-user information. Once you have authenticated your users you can decide when to permit them to join a video session.

The authentication call-flow is illustrated below:


  1. The application issues a request to the auth server to get a JWT.

    To understand required JWT format, please read sample code below using jsonwebtoken open_in_new:

    userId is the user id in external user management,

    secret is a secret key that you get from ApiRTC authentication configuration open_in_new,

    apiKey is your account apiKey you get from ApiRTC apiKey open_in_new.

  2. The application registers with the client API, providing the JWT.

Platform API

The platform REST APIs requires a user account with ADMIN role on the ApiRTC. Refer to Platform Api, Authentication for more information.