Generate Credentials
Cloudflare will issue TURN keys, but these keys cannot be used as credentials with turn.cloudflare.com
. To use TURN, you need to create credentials with a expiring TTL value.
To create a TURN credential, you first need to create a TURN key using Dashboard ↗, or the API.
You should keep your TURN key on the server side (don't share it with the browser/app). A TURN key is a long-term secret that allows you to generate unlimited, shorter lived TURN credentials for TURN clients.
With a TURN key you can:
- Generate TURN credentials that expire
- Revoke previously issued TURN credentials
You should generate short-lived credentials for each TURN user. In order to create credentials, you should have a back-end service that uses your TURN Token ID and API token to generate credentials. It will make an API call like this:
The JSON response below can then be passed on to your front-end application:
Use username
and credential
as follows when instantiating the RTCPeerConnection
(note, iceServers
is now an array):
The ttl
value can be adjusted to expire the short lived key in a certain amount of time. This value should be larger than the time you'd expect the users to use the TURN service. For example, if you're using TURN for a video conferencing app, the value should be set to the longest video call you'd expect to happen in the app.
When using short-lived TURN credentials with WebRTC, credentials can be refreshed during a WebRTC session using the RTCPeerConnection
setConfiguration()
↗ API.
Short lived credentials can also be revoked before their TTL expires with a API call like this: