Accessing Platform

Accessing the Communications API Platform requires initializing the Client SDK with a client access token provided by the platform.

The client access token protects customers' conferences from unauthorized access and can be generated only by the platform via an application's authentication server and the client access token request. The request requires you to provide your API token and select the expiration time for your token, which must be in a range from 1 second to 24 hours. The expiration time informs the SDK how often a token, that has a limited period of validity for security reasons, should be refreshed. The SDK requests a new token from the platform after half of the token expiration time, three-quarters of the token expiration time, and when the token expires. In the client access token request, you can also provide a scope of access that the client access token should have and an external ID.

The initializeToken (Web, Flutter, React Native), initialize (iOS, Android), create (C++), and initAsync (.NET) methods save the received token and start token expiration timers. The methods require providing two parameters: the client access token received from the platform and the refresh token callback. The callback must be a function that requests a new token and returns the refreshed client access token when the token is incorrect or needs to be refreshed. In the case of Web, iOS, Android, React Native, and Flutter SDK, the callback uses the isExpired boolean parameter to inform whether the currently used client access token is expired.

VoxeetSDK.initializeToken(accessToken, async (isExpired) => {
  if (isExpired) {
    // The token expired
    throw "The access token has expired.";

  return await requestNewToken();
VoxeetSDK.shared.initialize(accessToken: accessToken) { refreshTokenClosure, isExpired in
  // The SDK calls this closure when the token needs to be refreshed.
  // Fetch a new access token and call the SDK’s refresh closure with the new token
  fetchToken { newToken in
VoxeetSDK.initialize(accessToken, (isExpired, callback) -> {
VoxeetSDK.initialize(accessToken) { _, callback -> callToRefreshToken(callback) }
auto sdk = dolbyio::comms::sdk::create(
        token, [](std::unique_ptr<dolbyio::comms::refresh_token>&& cb) {
          // store the 'cb' somewhere
          // trigger the request for the new token
          // when new token is available, pass to the cb:
          // (*cb)(new_token);
DolbyIOSDK sdk = new DolbyIOSDK();
await sdk.InitAsync("access_token", () => {
    return "new_access_token";
await DolbyioCommsSdk.instance.initializeToken(accessToken, () => {
  return requestNewToken();
await CommsAPI.initializeToken(accessToken, async () => {
  return requestNewToken();

In the case of Web, iOS, Android, React Native, and Flutter SDK, having an expired token in a conference allows participants to stay in the conference. However, calling any API while having an expired token causes a rejection of the API call on the platform side and triggers the refresh token callback. The C++ and .NET SDK do not trigger the callback and kick a participant who has an expired token out of the conference.

For more information, see the Client Authentication guide.