logo
Console
Call Kit
Flutter: Dart
Overview
Quick start
Quick start (with call invitation)
Calling config
Overview
Set avatar for users
Add custom components
Configure layouts
Hide the label on the user view
Implement an audio-only call
Customize the menu bar
Set a hangup confirmation dialog
Calculate call duration
Minimize call window
Set video config
Invitation config
Enable fullscreen incoming call
Customize the ringtone
Hide the decline or cancel button
Customizing Calling Background
Auto re-send call invitation after call timeout
Modify User Interface text
Customizing the icon for the iOS CallKit UI
Invitation in calling
Missed call notification and dial-back
API for call invitation
Callbacks for call invitation
FAQ
Advanced Features
Screen sharing
Beauty effects
Use Tokens for authentication
Use with express engine
Troubleshooting call invitations
APIs and Events Referencelink
Migration Guide - v4.xlink
Powered Byspreading
On this page

Use Tokens for authentication

Introduction

To avoid unauthorized service access or operations, ZEGOCLOUD uses digital Tokens to verify user identity, control and validate user privileges. You will need to pass a Token when you log in to a room.

Understand the process

Your app clients request Tokens from your app server and provide the Token for privilege validation when logging in to a room.

The following diagram shows the process of room login privilege validation:

  1. Your app client requests a Token from your app server.
  2. Your app server generates a Token and passes it to the client.
  3. Your app client logs in to a room with userID, roomID, and the Token.
  4. The ZEGOCLOUD SDK sends the Token to the ZEGO server for validation.
  5. The ZEGOCLOUD server returns the validation result to the ZEGO Express SDK.
  6. The ZEGOCLOUD SDK returns the validation result to the app client. If the validation passes, the user logs in to the room successfully; otherwise, the login fails.

Get the AppID and ServerSecret

Go to ZEGOCLOUD Admin Console to get the App ID and ServerSecret of your project.

Generate a Token on your app server

After getting your AppID and ServerSecret, you can define the validation rules on your app server or client based on your business requirements.

Upon request from your app clients, your app server generates Tokens and sends the Tokens to the corresponding app clients.

ZEGOCLOUD provides an open-source Token generator plug-in on GitHub, which you can use to generate Tokens on your app server using different programming languages such as Go, C++, Java, Python, PHP,.NET, and Node.js.

Currently, the Token generator we provided supports generating the following two types of Tokens:

Token typeDescriptionUse Cases
User identity TokenDevelopers must include the Token parameter when logging into a room to verify the user's legitimacy.The user identity Token is used for simple permission verification in most business scenarios. In most cases, generating this Token is sufficient.
User privilege TokenTo further enhance security, room ID and stream ID privileges are opened to verify the logged-in room ID and stream ID.The general use cases for room ID and stream ID privileges are as follows:
- Distinguishing between regular rooms and member rooms, and controlling non-member users from logging into member rooms.
- In voice chat rooms or live streaming scenarios, ensuring consistency between streaming users and users on the microphone to prevent "ghost microphone" phenomenon, where non-microphone users' voices are heard in the room.
- In games like Werewolf, preventing hackers from using other user IDs to log into the same room after cracking the application, obtaining game information, and cheating, which affects the gaming experience of normal users.

When generating two types of tokens, the payload requirements are as follows:

  • User identity Token: To check the user's identity, you can pass null to the payload field.
  • User privilege Token: To check the user's permissions based on the room ID and the streamed ID, you need to generate a valid payload field according to the following validation rules:
    • Validate room login permission only: Add the enable room validation configuration and disable stream publishing permission configuration to the privilege field of the payload. Set room_id to a valid room ID.
    • Validate stream publishing permission only: Add the disable room validation configuration and enable stream publishing permission configuration to the privilege field of the payload. Set stream_id_list to a valid list of stream IDs.
    • Validate both room login and stream publishing permissions: Add the enable room validation configuration and enable stream publishing permission configuration to the privilege field of the payload. Set room_id to a valid room ID and stream_id_list to a valid list of stream IDs.
Warning

For business security, you must generate Tokens on your app server; Otherwise, there is a risk of ServerSecret being stolen.

LanguageSupported versionCore functionCode baseExample - User identity TokenExample - User privilege Token
GoGo 1.14.15 or laterGenerateToken04
C++C++ 11 or laterGenerateToken04
JavaJava 1.8 or latergenerateToken04
PythonPython 3.6.8 or latergenerate_token04
PHPPHP 7.0 or latergenerateToken04
.NET.NET Framework 3.5 or laterGenerateToken04
Node.jsNode.js 8 or latergenerateToken04

How to get a temporary Token

To make it easier for you to try and test the user authentication feature, ZEGOCLOUD Admin Console provides a tool for generating temporary Tokens, which you can use directly in a testing environment. In production, you must generate Tokens on your app server.

Use a Token

Previous

Beauty effects

Next

Use with express engine

On this page

Back to top