Symptom
When attempting to create a Vonage Video API session via REST API with POST header X-OPENTOK-AUTH with the value of a JSON web token (JWT) for authentication, you receive an HTTP 403 (Forbidden) response status code.
Applies To
- Vonage Video API
- REST API
- JSON web token (JWT)
- HTTP 403 response
Resolution
Creating a JWT with incorrect API Key and API Secret
Attempting to use a JWT created with the incorrect API key and API Secret for the X-OPENTOK-AUTH header would result in an HTTP 403 response from the REST API call used to create the session. An example of the error response messages are as follows:
Incorrect API Key
{"code":-1,"message":"Issuer not found","description":"Issuer not found"}
Incorrect API Secret
{"code":-1,"message":"Invalid signature","description":"Invalid signature"}
To avoid this, ensure that you are using the correct Project API key and API Secret of your OpenTok project as defined in your Vonage Video API Account.
Creating a JWT with inaccurate "ist" claim value
Attempting to use a JWT created with the invalid "ist" claim value would result in an HTTP 403 response from the REST API call used to create the session.
"ist" is one of the JWT claims required to generate a valid JWT for an Opentok REST API call. This claim specifies whether the JWT is generated for a project or an account related REST method, it has two possible values, as explained in Rest API Authentication. A common mistake would be to set the "ist" value to the name of your Vonage Video API project. An example of the error response message is as follows:
{"code":-1,"message":"Invalid signature","description":"Invalid signature"}
To avoid this, make sure to set the "ist" claim as "project" for the Opentok project REST call.
"ist": "project"
Creating a JWT with incorrect "iat" claim value
One of the claims of the JWT is "iat" which is the "issued at" claim that identifies the time at which the JWT was issued. If the "iat" value is greater than the current time, the JWT and the create session request would fail, resulting in an authentication error (403).
More information about the "iat" claim is explained in Unable-to-create-session-even-though-API-key-and-secret-are-valid
Additional Information
For more information on REST API and JWT, refer to the Vonage Video API REST API reference developer documentation.
Click here for more information on our Vonage Video API Unified Environment Server SDKs.
Articles in this section
- Why Is My Video Camera Displaying a 4:3 Aspect Ratio Instead of 16:9 When Publishing in HD OR FHD resolution (1280x720)?
- How to use Completion handler for Exception Handling
- Firefox Pre-call test not supported
- Error Creating Session Using Vonage Video API .NET SDK
- Unable to Create Session Even Though API Key and Secret Are Valid
- HTTP 415 Error When Archiving Video Session
- Troubleshooting Invalid JWT When Creating a Video Session using REST API
- Camara Still in Use after Session Disconnect on Android
- Token Shows as Invalid
- HTTP 400 Error When Archiving Video Session