There are two ways to authenticate your key that are described below.

  1. Using CORS authentication (default)
  2. Using Credential authentication 

Using CORS authentication

Room session timeout: 24 hours

This allows your web application to authenticate based on the CORS domain it is accessing from.

To set it up:

1. Enter the domain which your web application will access from in the CORS url field of your Application Key created. (your platform field will need to be Web/Mobile Web)

2. In the init() method, you will just need to provide your Application Key


  appKey: "<% APP_KEY %>"


3. Access your web application based on the domain name for authentication. The user should be able to connect to the room, after this.

Note that the general room session timeout for each user who connects is 24 hours.

Using credentials authentication

Room session timeout: (user set)

This lets your web application authenticate based on user generated credentials provided, and also lets you set a room session timeout.

To set it up:

1. Copy the secret in the Application Key

2. Generate the credentials (which you can refer here in the init() method credentials.credentials field)

User will connect to the room instantly regardless of the startDateTime stamp provided if this is not a persistent room is not enabled.

3. In the init() method, you will need to provide your Application Key and the related credential information specified below.


  appKey: "<% APP_KEY %>",
  credentials: {
     startDateTime: "2016-02-07T09:12:41.630Z", // Date ISO string format
     duration: 2, // In hours
     credentials "xxxxxxxxxxxxx", // The generated credentials based off step 2


When the above authentications fail, the readyStateChange event will return the related error code and message for the failure. You can refer to the list of error codes here.