Authentication & Tokens
There are two kinds of token:
- Management tokens authenticate server-side API calls. The client mints and refreshes them for you.
- Participant tokens are what a client app uses to join a room. You mint these and send them to the client.
Both are JWTs, signed locally with your secret. No network call is needed to create one.
Management tokens
Construct the client with your credentials and every request is authenticated automatically (roles: ["crawler"], version: 2):
- Node.js
- Go
const client = new VideoSDK({ apiKey, secret });
client, err := videosdk.NewClient(videosdk.WithAPIKey(apiKey), videosdk.WithSecret(secret))
The token is sent as a raw JWT in the Authorization header, with no Bearer prefix.
Participant tokens
Mint a participant token on your backend and pass it to the client SDK to join a room. Use the access-token builder:
- Node.js
- Go
const token = client
.accessToken()
.setParticipant("user-123")
.grant(Grant.AllowJoin, Grant.AllowMod)
.forRoom("abcd-efgh-ijkl")
.expiresIn("2h")
.toJwt();
b, err := client.AccessToken()
token, err := b.
SetParticipant("user-123").
Grant(videosdk.GrantAllowJoin, videosdk.GrantAllowMod).
ForRoom("abcd-efgh-ijkl").
ExpiresIn(2 * time.Hour).
ToJWT()
The builder sets the participant id, permission grants, an optional room scope, and expiry, then signs. Call forApi / ForAPI to build a management token instead.
Grants control what the participant may do:
| Grant | Meaning |
|---|---|
AllowJoin | Join the meeting directly. |
AskJoin | Request to join; a host admits them. |
AllowMod | Moderate others: toggle their mic/camera, remove them. |
Without a grant, the token defaults to allow_join and allow_mod.
Generate a token directly
Skip the builder when you just need a management token:
- Node.js
- Go
const apiToken = client.generateToken({ expiresIn: "1h" });
apiToken, err := client.GenerateToken()
Verify a token
Returns the decoded claims, or an authentication error if the token is invalid or expired:
- Node.js
- Go
const claims = client.verifyToken(token);
claims, err := client.VerifyToken(token)
Use a pre-generated token
Pass a token you already hold. The client uses it as-is and will not refresh it, so prefer an API key + secret for anything long-lived:
- Node.js
- Go
const client = new VideoSDK({ token });
client, err := videosdk.NewClient(videosdk.WithToken(token))
Paste any token into jwt.io to inspect its claims. For the full token model, see the authentication guide.
Got a Question? Ask us on discord

