
OpenTok TokBox: REST API access forbidden when starting a live streaming broadcast


I'm following the procedures outlined in the SDK docs.

I'm using .NET's WebRequest to make the API call. The StatusCode "Forbidden" is being returned along with the additional message "Invalid issuer format".

What I'm not sure about is how I'm supposed to generate the token for the call. The instructions in the section I linked to simply say:

REST API calls must be authenticated using a custom HTTP header — X-OPENTOK-AUTH — along with a JSON web token. Create the JWT token with the following claims.

This led me to believe I was to use the JWT library of my choice to create the token. So I did. I used .NET's System.IdentityModel.Tokens.Jwt.

In the .NET section of the site, though, this appears:

You can generate a token either by calling an OpenTokSDK.OpenTok instance's GenerateToken... method, or by calling an OpenTokSDK.Session instance's GenerateToken... method after creating it.

Was that what I was supposed to do? Is that what's wrong?

I can include my code but no point if I've taken the wrong approach altogether.


Solution

  • TokBox Developer Evangelist here.

    There are two token concepts within the OpenTok API. One of the tokens is used to authenticate an OpenTok Session and the other is a JWT token used to authenticate each HTTP request you make from the server side.

    It looks like the token that you're trying to create is used to interact with the OpenTok REST API. Each request you make to the OpenTok REST API has to have a JWT token which is signed by your API Key and API Secret. The signing would look something like this:

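    // Unix timestamps in seconds for the iat and exp claims
    var now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
    var expiry = now + 300;

    var payload = new Dictionary<string, object>
      {
        { "iss", "12321312" }, // apiKey
        { "ist", "project" },
        { "iat", now }, // current time
        { "exp", expiry } // current time + 300 seconds
      };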
    

    You can use the GenerateJWT method in the OpenTok .NET SDK as a reference. Alternatively, you can use the OpenTok .NET SDK to make the StartBroadcast request, which would handle the JWT token creation for you.

    Lastly, to authenticate an OpenTok Session you have to use one of the OpenTok Server SDKs. Please note that tokens used to authenticate OpenTok Sessions are not created by any library.
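
The REST-side JWT described in the answer, built end to end and attached as the X-OPENTOK-AUTH header; this is an added example, not code from the answer or from the OpenTok SDK. It assumes HS256 (HMAC-SHA256) keyed with the API secret and .NET Core 3.0 or later; the class name, environment variable names and URL are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class OpenTokRestAuth // hypothetical helper name
{
    // Base64url without padding, the encoding JWT segments use (RFC 7515).
    static string B64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Builds the JWT from the four claims listed in the answer above.
    // Assumption: the signature is HS256 keyed with the API secret.
    public static string CreateJwt(string apiKey, string apiSecret, int lifetimeSeconds = 300)
    {
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        var header = new Dictionary<string, object> { { "alg", "HS256" }, { "typ", "JWT" } };
        var payload = new Dictionary<string, object>
        {
            { "iss", apiKey },               // the API key, as in the answer's payload
            { "ist", "project" },
            { "iat", now },                  // Unix seconds, serialized as a JSON number
            { "exp", now + lifetimeSeconds } // short lifetime limits reuse of a leaked token
        };

        string signingInput = B64Url(JsonSerializer.SerializeToUtf8Bytes(header)) + "." +
                              B64Url(JsonSerializer.SerializeToUtf8Bytes(payload));
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(apiSecret)))
        {
            byte[] sig = hmac.ComputeHash(Encoding.ASCII.GetBytes(signingInput));
            return signingInput + "." + B64Url(sig);
        }
    }

    static void Main()
    {
        // Constructed fallbacks; load real credentials from configuration, never from source.
        string apiKey = Environment.GetEnvironmentVariable("OPENTOK_API_KEY") ?? "12321312";
        string apiSecret = Environment.GetEnvironmentVariable("OPENTOK_API_SECRET") ?? "placeholder-secret";
        string jwt = CreateJwt(apiKey, apiSecret);
        // The REST endpoint is not given on this page: placeholder URL, nothing is sent.
        var request = WebRequest.CreateHttp("https://example.invalid/placeholder");
        request.Headers["X-OPENTOK-AUTH"] = jwt;
        Console.WriteLine("X-OPENTOK-AUTH: " + jwt.Substring(0, jwt.IndexOf('.')) + ".<payload>.<signature>");
    }
}
```

Only the header segment is printed so the signed token does not end up in console or log output.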