To ensure communication security, when users log in to the RTM system, Agora needs to check their authentication information. Agora provides three authentication mechanisms. According to your scenarios, you can choose one of the following mechanisms:
|Use an App ID for authentication||Scenarios with low security requirements|
|Use an RTM token for authentication||Scenarios with high security requirements|
|Use either an App ID or an RTM token for authentication||Scenarios in which you need to upgrade your projects to use token authentication|
After signing up for a developer account in Agora Console, you can create multiple projects. Each project has an App ID, which is the unique identity of the project. If others steal your App ID, they can use it in their own projects. Therefore, using an App ID for authentication is less secure. Agora recommends using an App ID for authentication only in a test environment, or if your project has low security requirements.
Sign up for a developer account at Agora Console. See Sign up for an Agora account.
Click in the left navigation menu to enter the Project Management page.
Enter your project name, choose the App ID authentication mechanism in the dialog box, and click Submit.
When the project is created successfully, you can see the newly created project in the project list. Click to view and copy the App ID.
You need to enter the App ID when initializing the client.
If you need to use an RTM token for authentication, click Edit and enter the Edit Project page to enable an app certificate.
Token is a dynamic key generated by App ID, App Certificate, user ID, token expiration timestamp, and other information. For scenarios requiring high-security, such as the production environment, Agora recommends using an RTM token for authentication.
You need to generate an RTM token on your server. Follow the steps below to get the App ID, enable App Certificate, and call an API to generate an RTM token.
1. Get an App ID
See Get an App ID.
An App Certificate is a string generated from Agora Console, and it enables token authentication. For different security requirements, Agora provides two types of app certificates. The differences are as follows:
If you enable an app certificate for the first time, you need to enable a primary certificate first.
To enable a primary certificate, do the following:
If you choose the APP ID + APP Certificate + Token authentication mechanism when creating a project, Agora enables the primary certificate for you by default. On the Edit Project page, you can click to view and copy the primary certificate.
If you choose the APP ID authentication mechanism when creating a project, you need to enable the primary certificate manually. On the Edit Project page, find Primary certificate and click Enable. Once the primary certificate is enabled, you can click to view and copy the primary certificate, and use either an App ID or the token generated by the primary certificate for authentication.
Agora provides an open source Agora Dynamic Key repository on GitHub. The
./<language>/src folder of each language holds source codes for generating different types of dynamic keys and tokens. You can use
RtmTokenBuilder to generate an RTM Token. The
./<language>/sample folder of each language holds token generator examples that Agora creates for demonstration purposes.
RtmTokenBuilderSample is a demo for generating an RTM token.
For detailed steps to generate an RTM Token, see Generate an RTM Token.
4. Switch and delete the primary certificate
After enabling a primary certificate, you can enable a secondary certificate. if the primary certificate is exposed to security risks, you can swap the secondary certificate for the primary certificate and delete the original primary certificate.
To switch and delete the primary app certificate, do the following:
After generating an RTM token, see the following steps to use the RTM token:
renewTokento update the RTM token and use the new token to log in to the RTM system.
If you only use the App ID for authentication, you can follow the steps below for upgrading your project to use either an App ID or a token for authentication:
After successfully enabling a primary app certificate, use the primary app certificate to generate an RTM token.
Use either an App ID or an RTM token for authentication. For example, when existing users are using App ID for authentication, new users can use an RTM token for authentication, and thus both new and old users can log in to the RTM system. You can gradually phase out the use of App ID for authentication.
After all users switch to using an RTM token for authentication, Agora recommends deleting No certificate.