Overview
This document outlines two authentication methods for Tencent-RTC services, with a focus on UserSig, a security signature by Tencent Cloud to safeguard against unauthorized access. For basic cloud service usage, provide SDKAppID, UserID, and UserSig during SDK initialization or login.
SDKAppID is used to identify your application.
UserID is used to identify your user.
UserSig is a security signature calculated based on the first two using the HMAC SHA256 encryption algorithm. As long as attackers cannot forge the UserSig, they cannot steal your cloud service traffic.
How to calculate UserSig during the debugging phase?
you can calculate and obtain UserSig using either Client Sample Code or the Console. Please refer to the following introduction for details. Unsafe:
Note that the following two UserSig acquisition calculation schemes are only suitable for debugging. If the product is to be officially launched, using these schemes is not recommended because the SECRETKEY in the client code (especially on the Web) is easily vulnerable to decompilation and reverse engineering.
Client calculation of UserSig
1. Get SDKAPPID and Key:
Log in to Tencent-RTC Console > App Management.
Locate the app with the desired SDKAppID, click its name for details.
Click on SDKSecretKey to reveal and copy.
2. Calculate UserSig:
To facilitate client use, we provide source files for calculating UserSig on various platforms. You can download and use them directly:
Android | iOS | Web | Windows(C++) | Windows(C#) | Flutter | Mac |
| | | | | | |
The sample code is as follows (of course, you can also refer to the demo projects of our products, see the development documentation of each product):
import com.xxx.xxx.GenerateTestUserSig;
GenerateTestUserSig.SDKAPPID = xxxxxx;
GenerateTestUserSig.SECRETKEY = "xxxxxx";
String userSig = GenerateTestUserSig.genTestUserSig("userID");
#import "GenerateTestUserSig.h"
[GenerateTestUserSig setSDKAPPID:xxxxxx];
[GenerateTestUserSig setSECRETKEY:@"xxxxxx"];
NSString *userSig = [GenerateTestUserSig genTestUserSig:@"userID"];
<script src='js/libs/lib-generate-test-usersig.min.js'></script>
<script src='js/libs/generateTestUserSig.js'></script>
const {sdkAppId, userSig } = genTestUserSig({
sdkAppId: xxxxxx,
userId: 'xxxxxx',
sdkSecretKey: 'xxxxxx',
}
#include "GenerateTestUserSig.h"
const int SDKAPPID = xxxxxx;
const char* SECRETKEY = "xxxxxx";
const char* userSig = GenerateTestUserSig::genTestUserSig("userID", SDKAPPID, SECRETKEY);
using GenerateTestUserSig;
GenerateTestUserSig.SDKAPPID = xxxxxx;
GenerateTestUserSig.SECRETKEY = "xxxxxx";
string userSig = GenerateTestUserSig.GetInstance().GenTestUserSig("userID");
// Step 1: Import the source file
import 'package:xxx/GenerateTestUserSig.dart';
// Step 2: Fill in the SDKAppID and SDK key obtained from the previous steps
GenerateTestUserSig.SDKAPPID = xxxxxx;
GenerateTestUserSig.SECRETKEY = "xxxxxx";
// Step 3: Generate userSig based on userID
String userSig = GenerateTestUserSig.genTestUserSig("userID");
#import "GenerateTestUserSig.h"
[GenerateTestUserSig setSDKAPPID:xxxxxx];
[GenerateTestUserSig setSECRETKEY:@"xxxxxx"];
NSString *userSig = [GenerateTestUserSig genTestUserSig:@"userID"];
Get UserSig from the console
Log in to Tencent-RTC Console, navigate to Development Tools > UserSig Tools. Under the UserSig Generation Tool, select the corresponding SDKAppID and UserID.
Click the Generate button to compute the corresponding UserSig.
During the official operation phase, Tencent-RTC provides a more secure server-side UserSig calculation solution. This maximizes the protection of the key used to calculate UserSig from being leaked, as compromising a server is more difficult than reverse engineering an app. The specific implementation process is as follows:
1. Before your app calls the SDK initialization function, it must first request UserSig from your server.
2. Your server calculates UserSig based on SDKAppID and UserID. Refer to the first part of the documentation for the source code.
3. The server returns the calculated UserSig to your app.
4. Your app passes the obtained UserSig to the SDK via a specific API.
5. The SDK submits SDKAppID + UserID + UserSig
to Tencent CVM for verification.
6. Tencent Cloud verifies UserSig to confirm its validity.
7. After verification, Tencent-RTC services will be provided to the Tencent-RTC SDK.
To simplify your implementation process, we provide UserSig Calculation Source Code and examples in multiple language versions:
|
Java | HMAC-SHA256 | | |
GO | HMAC-SHA256 | | |
PHP | HMAC-SHA256 | | |
Node.js | HMAC-SHA256 | | |
Python | HMAC-SHA256 | | |
C# | HMAC-SHA256 | | |
Was this page helpful?