NEWDolby Interactivity APIs are now the Dolby.io Communications APIs Learn More >
X

Dolby.io Token Authorization with Netlify Functions

Rapidly build and deploy a serverless function to handle Token Authorization for your Dolby.io applications.

Overview

Features Tech Stack
  • One-click deployment to Netlify
  • Use environmental variables to secure API Keys
  • JavaScript
  • Netlify Functions

Key Concepts

Initialize the SDK with secure authentication

In this example, our token authentication is accomplished by a serverless function that uses an Authentication API to retrieve an access token on behalf of the front end. This process is more secure than directly passing your API secrets which could be exposed during production. Instead, the token authentication server securely passes a token that allows the conferencing app to make an API request on behalf of the user over an HTTPS encrypted connection. This prevents API secrets from leaking and offers a more secure experience for users.

The following diagram illustrates the workflow of the secure authentication model.

The examples shown use the API presented by the sample server for communication between the application and the Netlify serverless function. The examples assume that this communication is secure and the application is trusted. In a production scenario, the token service should be further restricted to your specific authenticated application.

Front end client application

With the secure token authentication set up on the serverless backend, the frontend client application can initialize the app with the secure token; and easily call the Dolby.io Communications Client SDKs allowing for access to all SDK functionality.

The code below highlights how the token is used to initialize the SDK:

// URL to our serverless Token function
const tokenUrl = '<* URL TO YOUR TOKEN SERVER ENDPOINT *>';

async function getTokenAndInitalize() {
    try {
        // Get the initial access token
        const accessToken = await getAccessToken();
        
        // Initialize the SDK
        VoxeetSDK.initializeToken(accessToken, getAccessToken);

        // SDK is initialized, now you can start conference, 
        // and other methods on the sdk.
    } catch (error) {
        console.error(error);
    }
}

 // This callback is called when the token needs to be refreshed.
async function getAccessToken() {
    try {
        const response = await fetch(tokenServerURL);
        const json = await response.json();
        return json.access_token;
    } catch (error) {
        console.error(error);
    }
}

Did this page help you?