Skip to main content
Android
iOS
macOS
Web
Linux C++
Unity

RESTful authentication

Before using Signaling RESTful API, set up REST authentication. The following REST authentication methods are available:

  • Basic HTTP authentication

    Generate a Base64-encoded credential with the customer ID and customer secret provided by Agora and pass the credential with the Authorization parameter in the request header.

  • AccessToken2 authentication

    Fill in the Authorization field with agora token= followed by the Signaling SDK AccessToken2 generated from your server.

info

Implement authentication on the server to mitigate the risk of data leakage.

Implement basic HTTP authentication

Generate Customer ID and Customer Secret

To generate a set of customer ID and customer secret, do the following:

  1. In Agora Console, click Developer Toolkit > RESTful API.

    RESTful API

  2. Click Add a secret, and click OK. A set of customer ID and customer secret is generated.

  3. Click Download in the Customer Secret column. Read the pop-up window carefully, and save the downloaded key_and_secret.txt file in a secure location.

  4. Use the customer ID (key) and customer secret (secret) to generate a Base64-encoded credential, and pass the Base64-encoded credential to the Authorization parameter in the HTTP request header.

You can download the customer secret from Agora Console only once. Be sure to keep it secure.

Basic authentication sample code

The following sample code implements basic HTTP authentication and sends a request with the Server RESTful API to get the basic information of all current Agora projects.

import java.io.IOException;import java.net.URI;import java.net.http.HttpClient;import java.net.http.HttpRequest;import java.net.http.HttpResponse;import java.util.Base64;// HTTP basic authentication example in Java using the <Vg k="VSDK" /> Server RESTful APIpublic class Base64Encoding {    public static void main(String[] args) throws IOException, InterruptedException {        // Customer ID        final String customerKey = "Your customer ID";        // Customer secret        final String customerSecret = "Your customer secret";        // Concatenate customer key and customer secret and use base64 to encode the concatenated string        String plainCredentials = customerKey + ":" + customerSecret;        String base64Credentials = new String(Base64.getEncoder().encode(plainCredentials.getBytes()));        // Create authorization header        String authorizationHeader = "Basic " + base64Credentials;        HttpClient client = HttpClient.newHttpClient();        // Create HTTP request object        HttpRequest request = HttpRequest.newBuilder()                .uri(URI.create("https://api.agora.io/dev/v1/projects"))                .GET()                .header("Authorization", authorizationHeader)                .header("Content-Type", "application/json")                .build();        // Send HTTP request        HttpResponse<String> response = client.send(request,                HttpResponse.BodyHandlers.ofString());        System.out.println(response.body());    }}

Implement token authentication

  1. Generate the token for your app.

  2. Enter the Signaling token and the Signaling user ID into the x-agora-token and x-agora-uid fields of the HTTP request header, respectively.

AccessToken2 authentication sample code

The following sample codes implement AccessToken2 authentication and send a request with the Signaling RESTful API to get Signaling user events.

import java.io.IOException;import java.net.URI;import java.net.http.HttpClient;import java.net.http.HttpRequest;import java.net.http.HttpResponse;// Token authentication example in Java using the Signaling user events RESTful APIclass TokenAuthExample {    public static void main(String[] args) throws IOException, InterruptedException {        // Signaling token        final String tokenValue = "input your token value here";        // App ID        final String appID = "input your app ID here";        String urlStr = String.format("https://api.agora.io/dev/v2/project/%s/rtm/vendor/user_events", appID);        String authValue = String.format("agora token=%s", tokenValue);        // Create request object        HttpRequest request = HttpRequest.newBuilder()                .uri(URI.create(urlStr))                .GET()                .header("Authorization", authValue)                .header("Content-Type", "application/json")                .build();        // Send request        HttpClient client = HttpClient.newHttpClient();        HttpResponse<String> response = client.send(request,                HttpResponse.BodyHandlers.ofString());        System.out.println(response.body());    }}

Signaling