API Dashboard
Vonage.com
Pricing
Support
Documentation
Blog
Code Hub
View All docs
Video API
Overview
Release Notes
Discover & Test
Technical Details
Video Products Comparison
Pricing
Getting Started
Use Cases
Overview
One-on-One Video with the Vonage Video API
Multiparty Video with Archiving with the Vonage Video API
Bridging Phone Calls into Video Meetings
Live Broadcasting with the Vonage Video API
Related Blog Posts
Build Your Solution
Client SDKs
Overview
Android
Overview
Release Notes
SDK Reference
iOS
Overview
Release Notes
SDK Reference
Linux
Overview
Release Notes
SDK Reference
macOS
Overview
Release Notes
SDK Reference
React Native
Overview
Release Notes
SDK Reference
Web
Overview
Release Notes
SDK Reference
Windows
Overview
Release Notes
SDK Reference
Server SDKs
Overview
.NET
Java
NodeJS
PHP
Python
Ruby
Migration Guides
Twilio Migration Guides
Overview
Android
iOS
Web
OpenTok Server SDK Transition Guides
Ruby Server SDK
Java Server SDK
.NET Server SDK
PHP Server SDK
Python Server SDK
Node Server SDK
Guides
Overview
Create a Token
Create a Session
Joining a Session
Getting Started
Initializing a Session Object
Connecting to a session
Disconnect from a Session
Detecting when you have disconnected
Automatic reconnection
Detecting when clients have connected and disconnected
Troubleshooting session connection issues (Javascript)
Troubleshooting session connection issues (React Native)
Audio fallback
Moderation
Publishing Streams
Overview
Initializing a publisher object
Publishing a stream
Extra configuration
Detect granted access to camera and microphone (Web)
Setting the camera and microphone (Web)
Remember camera and microphone selection (Web)
Stream settings (Web)
Managing publishers (Web)
Publishing video and audio from alternate sources (Web)
Video Settings (Web)
Best Practices (Web)
Troubleshooting (Web)
Stop a publisher from streaming
Getting statistics about a publisher's stream
Access & Checks
Testing a publisher's stream
Screen Sharing
General concepts
Screen sharing using the Web SDK
Android code example
iOS code example
Subscribe to Streams
Overview
Detect when streams are created in a session
Subscribe to a stream
Automatic reconnection
Detecting when streams end and a subscriber's video is disabled
Getting information about a stream
Unsubscribe from a stream (Javascript only)
Managing subscriber streams (Javascript Only)
Managing subscriber streams (React Native)
Troubleshooting (Javascript Only)
UI Customization
General customization
Swift
Web Only
Directly accessing the video element for a Publisher or Subscriber
Displaying a custom UI element when Subscriber audio is blocked
Adjusting video cropping and letterboxing
Hiding all built-in user interface controls for videos
Displaying or hiding the name in a video
Setting an image to display in audio-only mode
Setting the initial position and dimensions of a video
Accessing MediaStream objects
Accessing MediaStream objects for Subscribers
Resizing or repositioning a video
Getting a snapshot image of a video
Management & Signaling
Signaling
Session Monitoring
Server Rotation
Video Session Customization
Adjusting Audio & Video
Voice Only
Publisher Audio Fallback
Archiving
Overview
Customizing the video layout for composed archives
Layouts for composed archives and live streaming broadcasts
Amazon S3 server-side encryption
Archive Encryption
Archiving using a Windows Azure container
Archiving using AWS S3
Broadcast
Overview
Live Interactive Video Broadcasts
Live streaming broadcasts
Layouts for composed archives and live streaming broadcasts
Experience Composer
Experience Composer
SIP Interconnect
SIP Interconnect
AI Connectors
Audio Connector
Live Captions
Media Processor
Overview
Android
iOS
iOS (Swift)
macOS
React Native
Web
Windows
Additional Resources
Video Insight
Video Codecs
Scalable Video
Mobile Guidelines
1080p Video
Security
Securing Your App
Advanced Media Stream Encryption (AES-256)
End-to-End Encryption
Secure Callbacks
Networking & Environment
Enterprise Environment
IP Allowed List
Restricted Network Guidelines
Configurable TURN Servers
Regional Media Zones
IP Proxy Routing
EU Proxy Routing
Tools & Debugging
Insights API
Exception Handling - JavaScript SDK
Debugging
Tutorials
Archiving
Adjusting audio and video
Creating a video chat app
Create session
Token creation
Custom Video Capturing (Mobile Only)
Custom video rendering (Mobile Only)
Custom Audio Driver (Mobile Only)
Debugging
Mobile guidelines
Moderation
Signaling
A basic text chat implementation
API Reference
Developer Tools
Overview
Archive Inspector
Insights GraphiQL Explorer
Session Inspector
Playground
Pre-Call Test
Vonage Video API Reference App for React
Overview
Release Notes
Manage & Support
Related Blog Posts
Billing and Payments
Sample Apps
Community Slack
Video Express
Overview
Developer Guide
SDK Reference
Release Notes
Video + AI
Overview
Audio Connector
Live Captions
Media Processor
Overview
Android
iOS
iOS (Swift)
macOS
React Native
Web
Windows

Token Creation Overview

In order to authenticate a user connecting to a session, the user's page must pass a token along with the App ID. You generate a token for each user trying to connect to a session.

For more information on connecting, see the documentation on joining a session.

Roles

Each token is assigned a role, which determines the capabilities of the client that connects using that token. There are three roles:

  • Subscriber — Clients that connect with a subscriber token can connect to sessions and subscribe to other clients' streams. They cannot publish their own streams to a session.
  • Publisher — Clients that connect with a publisher token can connect to sessions, publish audio-video streams to the session, and subscribe to other clients' streams.
  • Publisher-only - Clients that connect with a publisher-only token can connect to the session and publish audio-video streams to the session, but they cannot subscribe to other clients' streams. Additionally, clients that connect with a publisher-only token are restricted from sending signals. Note: Currently,creating publisher-only tokens is supported in the server SDKs.
  • Moderator — In addition to publishing and subscribing to streams, moderators connected in a client using the Client SDKs can force other clients to disconnect from a session or to stop publishing audio-video streams. (Any client can be forced to disconnect or stop publishing, but only a moderator using the client SDKs can perform these moderation functions.) Additionally, moderators connected can force one or more streams in the session to mute published audio.

Expiration dates

Tokens expire after a set period of time (up to 30 days). You can specify the expiration period when you generate the token.

Connection data

For each token, you can add a string containing metadata describing the client. For example, you can pass the user ID, name, or other data describing the client. You may obtain this data from a server-side database or from data provided to you by the client, depending on your application. The length of the string is limited to 1000 characters. This data cannot be updated once it is set.

Do not use personal information in token data — token metadata is passed to all users in the session and is also readable through the Vonage video client logs, so you should never use unencrypted sensitive or personal information in the token data.

See security best practices.

The Vonage Video client SDKs include properties for inspecting the connection data for a client connected to a session.

Best practices when generating tokens

Tokens are cheap to generate. They are generated with a hashing function and your secret. There is no API call to our servers used when generating a token. We recommend:

  • Generating a new token for every user at the time they try to connect. Tokens have an expiration time, which by default is 24 hours after the token is created. Once expired, you cannot use the token to connect to the session.
  • Do not store tokens or trying to reuse them.
  • Using connection data to identify users. Connection data is a secure way to store information about your users (such as a user ID, which can help you identify your users in your application).

Generating tokens

You can generate tokens using one of the server-side SDKs.

Navigation

Token Creation Overview
Roles
Expiration dates
Connection data
Best practices when generating tokens
Generating tokens