RTC provides two ways to generate tokens. Read this article to learn how to generate tokens in the console and on the server.

Prerequisites

Background information

A token is a security signature designed by Alibaba Cloud to prevent malicious attackers from using your cloud services. You need to provide the AppID, UserID, ChannelId, Nonce, TimeStamp, GSLB, and Token information in the login function of the corresponding SDK. The AppID is used to identify your application, the UserID is used to identify your users, and the Token is calculated based on the SHA256 encryption algorithm. Therefore, it is difficult for attackers to steal your cloud service traffic by using fake Token.

Supported in the console

  1. Log on to the Real-Time Communication RTC console.
  2. In the left-side navigation pane, click Development tools.
  3. Optional:Generate a token.
    1. Click the Token Generator tab and set the required parameters.
      Parameter Description
      AppID The ID of the application. You can create and view the ID of the application on the Application Management page. For more information, see Applications.
      AppKey The application key. You can query the application key on the Application Management page in the console. For more information, see Query AppKey.
      ChannelId The ID of the channel. The name can contain 1 to 64 letters, digits, underscores (_), and hyphens (-).
      UserId The ID of the user. The name can contain 1 to 64 letters, digits, underscores (_), and hyphens (-).
      Nonce Random code. It starts with the prefix AK-and can contain uppercase and lowercase letters and digits. It can be up to 64 bytes in size. Example: AK-2b9be4b25c2d38c409c376ffd2372be1.
      TimeStamp The timestamp when the PolarDB-X instance expires. You can select 12 hours, 24 hours, 3 days, and 7 days, which represent the validity time of the token.
    2. Click Generate to view the generated token.
      Generate Token
  4. Optional:The verification token.
    1. Click the Token Verifier tab and set the required parameters.
      Parameter Description
      AppID The ID of the application. You can create and view the ID of the application on the Application Management page. For more information, see Applications.
      AppKey The application key. You can query the application key on the Application Management page in the console. For more information, see Query AppKey.
      ChannelId The ID of the channel. The name can contain 1 to 64 letters, digits, underscores (_), and hyphens (-).
      UserId The ID of the user. The name can contain 1 to 64 letters, digits, underscores (_), and hyphens (-).
      Nonce The random code, which is issued by the AppServer. It starts with the prefix AK-and can contain uppercase and lowercase letters and digits. It can be up to 64 bytes in size. Example: AK-2b9be4b25c2d38c409c376ffd2372be1.
      TimeStamp The expiration timestamp. For example, 1560588594 indicates that the expiration time is 2019-06-15 16:49:54.
      Token The token to add to the channel, which is generated by the AppServer.
    2. Click Verify.
      • If the verification is successful, you can join the channel to make a call.
      • The error message returned because the verification failed. Re-check the parameters and the token information sent by the server.

Supported on the server

Compared with the token generated in the console, the Token generated by the server can ensure that the key of the token is not leaked to the maximum extent. The specific process is as follows:

  1. Before calling the initialization function of the SDK, your app must first request a Token from your server.
  2. Your server calculates the Token based on the following parameters.
    token = sha256(appId + appKey + channelId + userId + nonce + timestamp)
  3. The server returns the calculated authentication information to your App.
  4. Your App passes the obtained authentication information to the SDK through a specific API.
  5. The SDK submits the authentication information to the Alibaba Cloud server for verification.
  6. Alibaba Cloud verifies the authentication information to confirm the validity.
  7. After the verification is passed, you can start to provide real-time audio and video services.
Parameter Description
AppID The ID of the application, which is created in the console.
UserID Your unique identifier, which is generated by the AppServer. If a user with the same UserId logs in at another end, the end that joins the meeting first will be kicked out of the room by the end that joins the meeting later. It can contain letters and digits, and can contain up to 64 bytes. for example, 2b9be4b25c2d38c409c376ffd2372be1.
ChannelID The channel ID, which is generated by the AppServer. You cannot set the ChannelID parameter to 0, and the ChannelID parameter cannot be repeated. You must keep the ChannelID unique. It can contain letters, digits, and hyphens (-). It can contain up to 64 bytes. for example, 181-218-3406.
Nonce The random code of the token, which is generated by the AppServer. It starts with the prefix AK-and can contain uppercase and lowercase letters and digits. It can be up to 64 bytes in size. Example: AK-2b9be4b25c2d38c409c376ffd2372be1.
Timestamp The timestamp when the token expires. For example, 1560588594 indicates that the token expires at 16:49:54 on June 15, 2019.
Token The token to add to the channel, which is generated by the AppServer. The actual algorithm is sha256(appId + appKey + channelId + userId + nonce + timestamp).
GSLB The service address. This parameter is of the array type. Currently, use:["https://rgslb.rtc.aliyuncs.com"]. Please send it to the client SDK through the service server. We recommend that you do not solidify the address in the client code.

The signature algorithm of the generated Token on the server is SHA256. For more information, see the following version of the generated Token function:

  • For more information about Golang program instances, see CreateToken functions. For more information, see Golang Demo.
  • For more information about Java program instances, see createToken functions. For more information, see Java Demo.
  • For more information about Python program instances, see create_token functions. For more information, see Python Demo.
  • For more information about C# program instances, see CreateToken functions. For more information, see C# Demo.
  • For more information about Nodejs instances, see CreateToken functions. For more information, see Node.js Demo.
  • For more information about PHP instances, see CreateToken functions. For more information, see PHP Demo.