This page describes the token (Agora’s authentication mechanism). Before you start, check if your SDK version supports token:

Agora SDK Version that Supports the Token
Native 2.1.0+
Web 2.4.0+
Gaming 2.2.0+

To get the SDK version, call the following API methods:

  • Native SDK: getSdkVersion
  • Gaming SDK: getSdkVersion

Agora’s Authentication Mechanisms

The joinChannel method requires a security key as an essential parameter. The Agora SDK provides two different security key mechanisms based on your security requirements:

  1. For low-security requirements, such as for testing: App ID.
  2. For high-security requirements, such as for production: App ID + App Certificate + Token. Note that an App Certificate is enabled solely for the purposes of generating a Channel Key and cannot be used alone.

Authenticate using an App ID only

After signing up at Dashboard, you can create multiple projects and each project will have a unique App ID.

Anyone with your App ID can use it on any Agora SDK. Hence, it is prudent to safeguard the App IDs.

Get an App ID

  1. Sign up for a developer account at Agora Dashboard and follow the on-screen instructions to create a project.
  2. Click the Project Management icon in the left navigation panel.
  3. Find the corresponding App ID under the created project.

Use an App ID

You can access the Agora services with a unique App ID:

  1. Enter the App ID in the start window to enable communications.
  2. Add the App ID to the code when developing the application.
  3. Set the appId parameter as the App ID when initializing the client.
  4. Set the token parameter as NULL when joining the channel.

Authenticate using Token

Agora recommends using a combination of App ID, App certificate, and token for authentication in production scenarios.

The following process generates a token:

  1. Deploy a token generator on your server.
  2. The client sends a request for a token to the server.
  3. The server uses the token generator to create a token and sends the token back to the client.
  4. The client passes the token when joining a channel.
  5. When the token is about to expire or has expired, repeat Steps 2 to 4.
  6. The application client calls renewToken to use the new token.

Deploy a Token Generator

To use token for authentication, you need to deploy a token generator on your server to generate a token.

Agora provides the server-side sample codes supporting the following languages:

  • C++
  • Go
  • Java
  • Node.js
  • Python
  • PHP
  • Perl

You can deploy the corresponding sample code on your server, or write your own code in a different programming language.

If you have implemented Agora’s algorithm in other languages, you can file a pull request on GitHub. Agora will merge any valid implementations and test cases.

Generate a Token

The application client needs to send the following parameters to the server to generate a token:

Name Description
appID [1] The App ID of the user’s project in the Agora Dashboard, see Getting an App ID.
appCertificate The App Certificate of the user’s project in the Agora Dashboard, see Getting an App Certificate.
channelName Name of the channel that the user wants to join.
uid ID of the user who wants to join a channel.
expireTimestamp [2] The privilege expiration time. The default value is 0, where the token never expires. A user can join a channel indefinitely within the designated expiration time and will be removed from the channel after the expiration time.

[1] Agora does not support signing Token with a non-zero string uid for the time being.
[2] expireTimestamp is represented by the number of seconds elapsed since 1/1/1970. If, for example, you want to access the Agora Service within 10 minutes after the token is generated, set expireTimestamp as the current timestamp + 600 (seconds). The expiration time for each token is independent, and you can set it through the setPrivilege method.

Get an App Certificate

Each Agora account can create multiple projects, and each project has a unique App ID and App Certificate.

To get an App Certificate:

  1. Login to

  2. Click the Edit button of the corresponding project on the Project Management page.

  1. Click the Enable button next to the App Certificate.

  2. Read the pop-up description of the App Certificate and click Save as promped.

  1. The system sends your mail account a confirmation Email. Please follow the instruction to enable the App Certificate.

  2. On the Project Management page, click the 'eye' icon to view and copy the App Certificate. You can re-click this icon to hide the App Certificate.

  • Keep the App Certificate on the server, never on any client machine.

  • The App Certificate takes about five minutes to take effect after it is enabled.

  • Once the App Certificate is enabled for a project, a token must be used. For example, before enabling the App Certificate, an App ID can be used to join a channel; but once an App Certificate is enabled, a token or a Channel Key must be used to join a channel.

Use a Token

Before a user joins a channel from the client:

  1. The client requests authentication from your organization’s business server.

  2. The server, upon receiving the request, generates a token using the token generator and sends the token back to the client.

  3. To join a channel, the client calls the join method, which requires the token as the first parameter.

  4. The Agora server receives the token and confirms that the call comes from a legitimate user, and then allows the user to access the Agora SD-RTN™ (Software Defined Real-time Network).

  • When you deploy the token, the token replaces the original App ID when a user joins a channel.

  • The token expires after a certain period of time. The application must call renewToken when notified by the onTokenPrivilegeWillExpire callback that the token is about to expire or has expired.

  • The token encoding uses the industry-standard HMAC/SHA1 approach and the libraries are available on most server-side development platforms, such as Node.js, Java, PHP, Python, and C++. For more information, see


If your SDK version is earlier than v2.1.0 and you wish to migrate to the latest version, see Token Migration Guide.

Learn how to generate a token on the server on the Generating a Token page.

The following table lists the API methods that require a token as a parameter:

Platform Join a Channel Renew the Token
Android Join a Channel (joinChannel) Renew the Token (renewToken)
iOS/macOS Join a Channel (joinChannelByToken) Renew the Token (renewToken)
Windows Join a Channel (joinChannel) Renew the Token (renewtoken)
Web Join an AgoraRTC Channel (join) Renew the Token (renewToken)