Question
How to protect the privacy of video sessions?
Applies To
- Video API
- Security
- Token
Answer
To protect the privacy of your customers:
1. Create a secure token
In order to authenticate a user connecting to a OpenTok session, a user's page must pass a token along with the API key. You generate a token for each user connecting to an OpenTok session. The tokens that enable the participants to join are unique to a session ID. The tokens have an expiry, but it may be longer than the duration of your call. Therefore, if you have consecutive meetings using the same session ID, earlier users may still be able to connect to the new meeting.
To avoid this:
- Generate a unique session ID for each new meeting
- Generate a unique token for each participant of that meeting.
2. Ensure server generating token is behind authenticated endpoint
- It is important to place the server generating the token behind an authenticated endpoint because anyone with access to that server could end up generating new tokens and could abuse the app to generate usage.
- Don't use personal information in token data.
The token data is a string containing metadata describing the connection. However, this data is passed to all users in the session and is also readable through the OpenTok client logs. This means you should never use unencrypted sensitive or personal information in the token data. See this topic on how to add data to your tokens.
3. Limit maximum number of users in a session
In order to have more control over the number of people in a session, your application should limit the maximum number of users in a session. This could be useful if you're trying to limit your usage.
4. Display subscriber count
- You may also wish to set up a subscriber count to display in your application. This is a useful way of knowing when a connection is subscribing but not publishing.
5. Set up Moderator permissions to force disconnect
- OpenTok platform provides the capability to remove a user from a session. For example, in case of violation of terms of services, you can enable the moderator in the session to remove the violating participant from the session via force disconnect or force unpublish.
6. Restricting traffic to regional servers
You can use the Regional Media Zones feature to route all media streams to media servers within a specified georegion.
In addition to restricting media traffic, you can use the EU Proxy feature to restrict non-media traffic to use servers within the European Union.
If you suspect any suspicious activity related to your account and your video session please let our Support Team know.
Articles in this section
- Unauthorized access to video sessions
- How to get copy of Service Agreement for Video API account?
- What security features does Vonage Video API implement?
- What are the implications of encryption on my app?
- Which TLS Cipher Suites are supported with the Vonage Video API?
- Where are the Media Encryption Keys created?