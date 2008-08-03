Generate Credentials
Cloudflare will issue TURN keys, but these keys cannot be used as credentials with
turn.cloudflare.com. To use TURN, you need to create credentials with a expiring TTL value.
To create a TURN credential, you first need to create a TURN key using Dashboard ↗, or the API.
You should keep your TURN key on the server side (don't share it with the browser/app). A TURN key is a long-term secret that allows you to generate unlimited, shorter lived TURN credentials for TURN clients.
With a TURN key you can:
- Generate TURN credentials that expire
- Revoke previously issued TURN credentials
You should generate short-lived credentials for each TURN user. In order to create credentials, you should have a back-end service that uses your TURN Token ID and API token to generate credentials. It will make an API call like this:
The JSON response below can then be passed on to your front-end application:
Use
iceServers as follows when instantiating the
RTCPeerConnection:
The
ttl value can be adjusted to expire the short lived key in a certain amount of time. This value should be larger than the time you'd expect the users to use the TURN service. For example, if you're using TURN for a video conferencing app, the value should be set to the longest video call you'd expect to happen in the app.
When using short-lived TURN credentials with WebRTC, credentials can be refreshed during a WebRTC session using the
RTCPeerConnection
setConfiguration() ↗ API.
Short lived credentials can also be revoked before their TTL expires with a API call like this:
