Real-Time Communication (RTC) provides two methods to generate tokens. This topic describes how to generate tokens in the RTC console and on the application server.
Prerequisites
- RTC is activated. For more information, see Activate the service.
- An application is created. For more information, see Create an application.
- The application key is obtained. For more information, see Query AppKey.
Background information
A token is a security credential in the form of a signature, and is used to authenticate your identity and protect your cloud services from malicious parties. You need to specify AppID, UserID, ChannelId, Nonce, TimeStamp, GSLB, and Token when you invoke the function to join a channel. AppID is used to identify the application and UserID is used to identify the user. Token is calculated based on AppID and UserID by using the SHA256 encryption algorithm. This prevents malicious parties from forging a Token to gain access to your cloud services.
Usage notes
Tokens that are generated by using the console are temporary, and are usually used for testing. If you want to obtain an official token, use the server to generate one.
Generate a token in the console
- Log on to the Real-Time Communication RTC console.
- In the left-side navigation pane, click Development Tools. The Development Tools page is displayed.
- Optional:Generate a token.
- Click the Token Generator tab and configure the required parameters.
Parameter Description AppID The application ID. You can create and view application IDs on the Applications page in the RTC console. For more information, see Applications. AppKey The application key. You can query application keys on the Applications page in the console. For more information, see Query AppKey. ChannelId The ID of the channel. The ID must be 1 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-). UserId The ID of the user. The ID must be 1 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-). Nonce A random string. Nonces start with AK- and consist of letters and digits. Nonces can contain up to 64 characters. Example: AK-2b9be4b25c2d38c409c376ffd2372be1. TimeStamp The timestamp that indicates when the token expires. You can select 12 hours, 24 hours, 3 days, or 7 days. - Click Generate, and view the generated token.

- Click the Token Generator tab and configure the required parameters.
- Optional:Verify a token.
- Click the Token Verifier tab and configure the required parameters.
Parameter Description AppID The application ID. You can create and view application IDs on the Applications page in the RTC console. For more information, see Applications. AppKey The application key. You can query application keys on the Applications page in the console. For more information, see Query AppKey. ChannelId The ID of the channel. The ID must be 1 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-). UserId The ID of the user. The ID must be 1 to 64 characters in length and can contain letters, digits, underscores (_), and hyphens (-). Nonce A random string. Nonces are issued by the application server. Nonces start with AK- and consist of letters and digits. Nonces can contain up to 64 characters. Example: AK-2b9be4b25c2d38c409c376ffd2372be1. TimeStamp The timestamp that indicates when the token expires. For example, 1560588594 indicates that the token expires at 16:49:54, June 15, 2019. Token The token that is used to join the channel. The token is generated by the application server. - Click Verify.
- If the verification is successful, you can join the channel to make a call.
- If the verification fails, check the parameters and the token issued by the application server.
- Click the Token Verifier tab and configure the required parameters.
Generate a token on the application server
We recommend that you generate the Token on the application server to ensure the security of the key used to generate your token. The following procedure describes how a token is generated on the application server.
- Before your application initializes RTC SDK, the application obtains a Token from the application server.
- The server calculates the Token based on the following formula.
token = sha256(appId + appKey + channelId + userId + nonce + timestamp) - The server returns the token to your application.
- Your application calls an API operation to send the token to RTC SDK.
- RTC SDK submits the token to Alibaba Cloud for verification.
- Alibaba Cloud receives and verifies the token.
- After the token is verified, you are granted access to the RTC service.
| Parameter | Description |
| AppID | The application ID. Application IDs are created in the RTC console. |
| UserID | The unique user ID that is generated by the application server. Each user can join only one active channel at any time. If a user attempts to join a channel by using two devices at the same time, the first device is dropped from the channel when the second device joins the channel. User IDs consist of letters and digits and can contain up to 64 characters. Example: 2b9be4b25c2d38c409c376ffd2372be1. |
| ChannelID | The channel ID that is generated by the application server. The ID cannot be 0. Duplicate channel IDs are not allowed. Channel IDs consist of letters, digits, and hyphens (-) and can contain up to 64 characters. Example: 181-218-3406. |
| Nonce | A random string that is generated by the application server. Nonces start with AK- and consist of letters and digits. Nonces can contain up to 64 characters. Example: AK-2b9be4b25c2d38c409c376ffd2372be1. |
| Timestamp | The timestamp that indicates when the token expires. For example, 1560588594 indicates that the token expires at 16:49:54, June 15, 2019. |
| Token | The token that is used to join the channel. The token is generated by the application server. The following formula is used to calculate the token: sha256(appId + appKey + channelId + userId + nonce + timestamp). |
| GSLB | The service endpoint. This parameter is an array. We recommend that you issue the service endpoint ["https://rgslb.rtc.aliyuncs.com"] to the client SDK through the application server instead of including the service endpoint in the client code. |
The SHA256 algorithm is used to generate the Token on the application server. The following items describe the functions that are invoked to generate a Token in different programs.
- Invoke the
CreateTokenfunction to generate tokens for programs that are developed in Go. For more information, see Golang Demo. - Invoke the
createTokenfunction to generate tokens for programs that are developed in Java. For more information, see Java Demo. - Invoke the
create_tokenfunction to generate tokens for programs that are developed in Python. For more information, see Python Demo. - Invoke the
CreateTokenfunction to generate tokens for programs that are developed in C#. For more information, see C# Demo. - Invoke the
CreateTokenfunction to generate tokens for programs that run on Node.js. For more information, see Nodejs Demo. - Invoke the
CreateTokenfunction to generate tokens for programs that are developed in PHP. For more information, see PHP Demo.