Skip to main content
Version: 0.1.x

Setup Authentication Server and Tokens

Why we use token based Authentication ?

Token based authentication allow users to verify their identity by providing generated API key and secrets.

  • Your server will generate access token using your API key and secret
  • Your client obtains token from your backend server.
  • For token validation, client will pass this token to VideoSDK.
  • VideoSDK server will only allow entry in meeting if the token is valid.

To begin working with the VideoSDK, you need to setup a server that can authenticate & validate your API key and secret which we generated in the previous step. Follow this Get your API key and Secret if you haven't generated API key and secret.

For server setup, you'll need the following APIs:

  1. GET get-token : By providing API key and secret, this API will return accesstoken. We'll discuss in depth how to achieve it.

  2. POST create-meeting : By providing generated access token, this API will return dash(-) separated meetingId, for example abc-pqr-xyz.

  3. POST validate-meeting/:meetingId : By providing generated meetingId as a path parameter, this API will only validate the provided meetingId and return a 200 statusresponse. This API is for verification purpose only [OPTIONAL].


You can integrate this APIs in client side also but we will suggest to use it at server side for better security.

Generate Accees Token

To manage secured communication, every participant that connects to meeting needs a access token. By substituting apikey and permissions in it. Follow our official example repositories to setup token API and meeting API, videosdk-rtc-api-server-examples

Available permissions are:

  • allow_join: The participant is allowed to join the meeting directly.
  • ask_join: The participant requires to ask for permission to join the meeting.
  • allow_mod: The participant is allowed to toggle webcam & mic of other participants.
const jwt = require('jsonwebtoken');


const options = {
expiresIn: '10m',
algorithm: 'HS256'
const payload = {
apikey: API_KEY,
permissions: [`allow_join`], // `ask_join` || `allow_mod`
version: 2,
roles: ['CRAWLER'],

const token = jwt.sign(payload, SECRET, options);