Token Generation Document
The token is generated by the combination of app_id, secretkey, channel_id, user_id, and timestamp
1. Splicing request parameters
app_id、secretkey 、channel_id、user_id、timestamp Perform stitching to generate BodyStr,Splicing rules:“app_id”+app_id+“channel_id”+channel+“timestamp”+timestamp+“user_id”+user_id
For example: app_id is ABC、secretkey is DEF、channel_id is 123456、user_id is tempuid、timestamp is 1594194452,The result is: app_idABCchannel_id123456timestamp1594194452user_idtempuid
Parameters | Description |
---|---|
app_id | Your corporate account’s AppID。 |
secretkey | The secretkey configured for your enterprise account, you can modify this configuration. |
channel_id | A string identifying the channel to be called, with the following range of supported character sets. 26 lowercase letters a-z 26 capital letters A-Z 10 numbers 0-9 Special characters:-_ |
user_id | Specify the ID of the user。 Note:: ASCII characters,Uniqueness needs to be guaranteed. |
timestamp | token Valid Time Stamp,The format is the number of seconds elapsed since 0000 hours on January 1, 1970。For example, if you set the timestamp to the current timestamp plus 600 seconds, the token will expire 10 minutes after it is generated. |
2. Encrypted Strings
Generate an irreversible encrypted token string secToken, with the following generation rules:
md5(md5(app_id+BodyStr) + md5(secretkey));
3. Add timestamps and combine
Put the secToken
and timestamp
generated in step 2 into the following map.
{
"token": "<SecToken in step 2>",
"timestamp": "<must be the same as the timestamp used in step 1>"
}
4. base64 encryption
Serialize the map in step 3 to a json string, then base64 process it.
5. Add a random string
The final token is obtained by stitching the result obtained in step 4 with a 16-bit random string as a mask, i.e., the result obtained in step 4 + “1234567890123456”.
Examples by language
Example of github token generation code by language: https://github.com/cloudhubrtc
Note: This token is generated by the user’s server side and cannot be placed directly on the client side, otherwise it affects security.