At Vidyo, we often receive questions about tokens. It’s important to understand tokens before tackling more advanced topics on vidyo.io. Tokens are used to authenticate each endpoint (mobile, web, or native desktop app) to the vidyo.io service and enable video chat sessions. We’ll answer some frequently asked questions regarding tokens in this article.
We created a brief video overview of tokens and how they are used.
What is a token?
A token is a short-lived credential that is passed to the vidyo.io service from the endpoint at connection time. If the connection request contains a valid token, the call will succeed. If the token is invalid, the call will be rejected.
How do I get a token?
The token is generated by your application back end. In other words, you give the token to an endpoint when your application has decided to allow the endpoint into a call. You do not need to make an API call to vidyo.io to obtain the token; rather, you generate the token yourself.
How is a token generated?
A token is generated by combining a user name, the applicaition ID, and an expiration time, then signing these with the developer key. The resulting string is the token.
What does the code that generates tokens look like?
You can see token-generation sample code on the vidyo.io website for:
Are tokens unique?
Yes. You should generate a unique token for each user who connects. Two users can’t use the same token, so your application back end must be able to generate and distribute tokens to users when needed.
What are best practices for generating a token?
To generate a token you must have the application ID and developer key. These should be protected in your application back end. Never generate the token in the client application directly as this risks leaking the application ID and developer key.
Another best practice concerns token expiration. It might be tempting to set a long expiration time. However, you risk someone continuing to use the token longer than you anticipated. In general, generate a token every time a user connects at connection time and keep the token duration just long enough for them to get connected.
What are the benefits of token-based authentication?
Token-based authentication is very secure and extremely flexible. Here are just a few of the benefits of using token-based authentication.
- Tokens are a way for you to authenticate your users with the vidyo.io service without sharing any end-user information. Once you have authenticated your users you can decide when to permit them to join a video session.
- Because the token is generated within your application, there’s no need to query vidyo.io for a token. This improves performance by reducing connection times.
- You are not tied to any particular authentication scheme to use vidyo.io. This gives you more flexibility for authenticating users to your application.
For more information on token generation, check out the “Getting Started with Vidyo.io” webinar recording.