Skip to main content
Android
iOS
macOS
Web
Windows
Flutter
Linux C++
Unity

RESTful authentication

Before using Signaling RESTful API, set up REST authentication. The following REST authentication methods are available:

  • Basic HTTP authentication

    Generate a Base64-encoded credential with the customer ID and customer secret provided by Agora and pass the credential with the Authorization parameter in the request header.

  • AccessToken2 authentication

    Fill in the Authorization field with agora token= followed by the Signaling SDK AccessToken2 generated from your server.

info

Implement authentication on the server to mitigate the risk of data leakage.

Implement basic HTTP authentication

Generate Customer ID and Customer Secret

To generate a set of customer ID and customer secret, do the following:

  1. In Agora Console, click Developer Toolkit > RESTful API.

    RESTful API

  2. Click Add a secret, and click OK. A set of customer ID and customer secret is generated.

  3. Click Download in the Customer Secret column. Read the pop-up window carefully, and save the downloaded key_and_secret.txt file in a secure location.

  4. Use the customer ID (key) and customer secret (secret) to generate a Base64-encoded credential, and pass the Base64-encoded credential to the Authorization parameter in the HTTP request header.

You can download the customer secret from Agora Console only once. Be sure to keep it secure.

Basic authentication sample code

The following sample code implements basic HTTP authentication and sends a request with the Server RESTful API to get the basic information of all current Agora projects.

package mainimport (  "fmt"  "strings"  "net/http"  "io/ioutil"  "encoding/base64")// HTTP basic authentication example in Golang using the <Vg k="VSDK" /> Server RESTful APIfunc main() {  // Customer ID  customerKey := "Your customer ID"  // Customer secret  customerSecret := "Your customer secret"  // Concatenate customer key and customer secret and use base64 to encode the concatenated string  plainCredentials := customerKey + ":" + customerSecret  base64Credentials := base64.StdEncoding.EncodeToString([]byte(plainCredentials))  url := "https://api.agora.io/dev/v1/projects"  method := "GET"  payload := strings.NewReader(``)  client := &http.Client {  }  req, err := http.NewRequest(method, url, payload)  if err != nil {    fmt.Println(err)    return  }  // Add Authorization header  req.Header.Add("Authorization", "Basic " + base64Credentials)  req.Header.Add("Content-Type", "application/json")  // Send HTTP request  res, err := client.Do(req)  if err != nil {    fmt.Println(err)    return  }  defer res.Body.Close()  body, err := ioutil.ReadAll(res.Body)  if err != nil {    fmt.Println(err)    return  }  fmt.Println(string(body))}

Implement token authentication

  1. Generate the token for your app.

  2. Enter the Signaling token and the Signaling user ID into the x-agora-token and x-agora-uid fields of the HTTP request header, respectively.

AccessToken2 authentication sample code

The following sample codes implement AccessToken2 authentication and send a request with the Signaling RESTful API to get Signaling user events.

package mainimport (        "fmt"        "io/ioutil"        "net/http")func main() {        if err := tokenAuthExamle(); err != nil {                panic(err)        }}// Token authentication example in Golang using the Signaling user events RESTful APIfunc tokenAuthExamle() error {        var (                // Signaling Token                tokenValue = "input the token value here"                // App ID                appID     = "input your app ID here"                urlstr    = fmt.Sprintf("https://api.agora.io/dev/v2/project/%s/rtm/vendor/user_events", appID)                authValue = fmt.Sprintf("agora token=%s", tokenValue)        )        // Create request object        req, err := http.NewRequest(http.MethodGet, urlstr, nil)        if err != nil {                return fmt.Errorf("failed to new http request, %w", err)        }        // Set Authorization header        req.Header.Set("Authorization", authValue)        req.Header.Set("Content-Type", "application/json")        // Send request        resp, err := http.DefaultClient.Do(req)        if err != nil {                return fmt.Errorf("failed to send request, %w", err)        }        defer resp.Body.Close()        // Read response body        body, err := ioutil.ReadAll(resp.Body)        if err != nil {                return fmt.Errorf("failed to read response body, %w", err)        }        // Respond status code        if resp.StatusCode/100 != 2 {                return fmt.Errorf("StatusCode(%d) != 2xx, %s", resp.StatusCode, string(body))        }        // Print response body        fmt.Println(string(body))        return nil}

Signaling