REST API calls must be authenticated using a custom HTTP header — X-OPENTOK-AUTH — along with a JSON web token. Create the JWT token with the following claims:
{
"iss": "your_api_key",
"ist": "project",
"iat": current_timestamp_in_seconds,
"exp": expire_timestamp_in_seconds,
"jti": "jwt_nonce"
}
Note: Prior to using JSON Web Tokens, OpenTok REST API calls were authenticated using a custom HTTP header: X-TB-PARTNER-AUTH with the value set to your OpenTok API key and API secret concatenated with a colon:
X-TB-PARTNER-AUTH: <api_key>:<partner_secret>
However, this form of authentication (using X-TB-PARTNER-AUTH) is deprecated, and you should now use JSON Web tokens for authentication. (Use of this deprecated form of authentication will expire in July 2017.)
REST API calls must be authenticated using a custom HTTP header: X-TB-PARTNER-AUTH. Send your API key and partner secret concatenated with a colon:
X-TB-PARTNER-AUTH: <api_key>:<partner_secret>