Symptom

Unable to create session via REST API or Server SDK, and a HTTP 403 (Forbidden) response was received, with an error message that reads, "Blank Token & Session ID error," or "-1 issued time cannot be greater than current time."

Applies To

• Vonage Video API
• JWT
• REST API
• Server SDK

Resolution

Begin by verifying that your credential details are correct using the Credential Validator. If your credentials are valid, continue with further steps.

Calling the OpenTok create session API requires adding a POST header field (X-OPENTOK-AUTH) with the value being a JSON web token (JWT) for authentication.

One of the claims of the JWT is iat, which is the issued at claim that identifies the time at which the JWT was issued. If the iat value is greater than current time, the JWT and the create session request would fail, resulting in an authentication error (403). Check the generation of the iat value on the machine doing the session creation.

There are different possible causes that may result in an invalid time value, such as:

• Error in machine's system time.
• Using the wrong time zone.
• Error in server code generating iat value.

However, if no changes were made to application code recently, then it is likely that the error was due to incorrect system time, which could have drifted over time or had been changed by some other process.

If the machine's system time has become inaccurate, you can consider syncing it with an accurate internet time server, for example, the NIST internet time server. For Mac or Linux OS, you can do this with the following command:

sudo ntpdate time.nist.gov

For time service on Windows, this article provides more information.