REST API calls must be authenticated using a custom HTTP header — X-OPENTOK-AUTH — along with a JSON web token. Create the JWT token with the following claims:

{

"iss": "your_api_key",

"ist": "project",

"iat": current_timestamp_in_seconds,

"exp": expire_timestamp_in_seconds,

"jti": "jwt_nonce"

}

Note: Prior to using JSON Web Tokens, OpenTok REST API calls were authenticated using a custom HTTP header: X-TB-PARTNER-AUTH with the value set to your OpenTok API key and API secret concatenated with a colon:

X-TB-PARTNER-AUTH: <api_key>:<partner_secret>

However, this form of authentication (using X-TB-PARTNER-AUTH) is deprecated, and you should now use JSON Web tokens for authentication. (Use of this deprecated form of authentication will expire in July 2017.)

REST API calls must be authenticated using a custom HTTP header: X-TB-PARTNER-AUTH. Send your API key and partner secret concatenated with a colon:

X-TB-PARTNER-AUTH: <api_key>:<partner_secret>