Learn about the authentication mechanisms supported by ApiRTC.
ApiRTC's different APIs accept different authentication mechanisms.
The frontend API can authenticate with ApiRTC's user management, or with external user management.
ApiRTC user management supports login/password authentication.
In case of external user management, JSON Web token authentication is supported by ApiRTC platform.
JSON Web token is an open standard defining a compact and self-contained way for securely transmitting information between parties as a JSON object.
This information can be verified and trusted because it is digitally signed. When tokens are signed are signed using private/public key pairs, the signature also certifies that only the party holding the private key is the one that signed it.
JSON Web token are a way for you to authenticate your users in the ApiRTC platform without sharing any end-user information. Once you have authenticated your users you can decide when to permit them to join a video session.
The authentication call-flow is illustrated below:
To understand required JWT format, please read sample code below using jsonwebtoken :
userId is the user id in external user management,
secret is a secret key that you get from ApiRTC authentication configuration ,
apiKey is your account apiKey you get from ApiRTC apiKey .
The platform REST APIs requires a user account with ADMIN role on the ApiRTC. Refer to Platform Api, Authentication for more information.