Authorization tokens have several key arguments that you would use, so we have decided to keep the section dedicated to them only.

These arguments are as follows:

  1. expiration_date
  2. usage_expiration_time
  3. session_limit
  4. grants


This is optional parameter that you can use to set on which date the authorization token should expire.


For how many seconds do you want the session to exist for?


This is another optional parameter. It determines how many sessions can be created using the same token.

What is a session?

Session is created upon each opening or refresh of the page, however if you copy the link when it is created, and use it, that same link will not use the session limitation. What this means is if you get 1 link and save it. Even if you were to open it 10 times, it would still seem as if it was used only once - so it would never expire because of it (unless combined by other parameter such as usage_expiration_time.


Unlike the other parameters, this one is always required since it is the one that determines what the authorization token is for and how it would behave.

As such it has its own sub arguments and resources that you would use and for that reason this is associative array.

Grants arguments

  1. read
    • Grant reading on certain resources (optional)
  2. destroy
    • Grant deleting certain resources (optional)
  3. create
    • Grant video creation (optional)
  4. update
    • Grant rerecording of certain resources (optional)

Each of them (read, destroy, create and update) have their own arguments to allow you to fine tune the authorization tokens to your liking.

They are as follows:

  • resources
    • Explicit array holding strings of video tokens (optional).
    • These tokens tell us on which video(s) do we want to apply the action. Due to the same the token would only be available for that specific list of videos and for the specific action(s) set.
  • session_owned
    • When this boolean (true or false) argument is set to true, it will allow access to all video objects (videos and its/theirs streams) created during the same session (optional).
  • all
    • gives access to all video resources.
    • Boolean value attribute (can be true or false), also optional.

There are also few other arguments that you can or would use.

These arguments are as follows:

  1. volatile
  2. token
  3. nonce


Determines if this auth token object would be deleted or not if it was to remain empty. What this means is that you could create empty authorization tokens. Usually you would not need them since they do not do anything and this allows you to keep them deleted if so.


This is server-sdk token identifier. The reason why it is called server-side is because it is created on our server and you add it to your embedding when needed, or it is created on your own server, and used after communicating about it with our server.


This is client-side token identifier. The reason why it is called client-side is because it is created on your own server without communicating with our servers. For that reason it is considered client side token. Event though it was not communicated to our servers, it is still possible for us to know that it is OK and allow you to use it.