How Can We Help?

Search for answers or browse our knowledge base.

Documentation | Demos | Support

Categories
< All Topics
Print

Software Notes

Posted
Updated
ByAmanda Paull

▪ User authentication is done using JSON Web Tokens (JWTs) that are verified by server on each request

▪ JWTs are digitally signed using HMAC SHA-256 to prevent forging

▪ JWTs come with short expiration dates and need to be refreshed regularly during a user session.

▪ JWTs are required for all secured server queries

▪ API calls are limited by user role authorization; user clients without proper roles cannot attempt API calls

▪ No Trust” policy with user interface code; back-end servers do not depend on client for any security ▪ WebRTC calls are encrypted on an end-to-end level

Table of Contents