search

AgoraIO / AgoraRtcEngine_iOS

iOS Package for Agora Video RTE SDK. Perfect for video calls and live streaming.
https://agoraio.github.io/AgoraRtcEngine_iOS/
MIT License
58 stars 17 forks source link

AppID on client side #22

Closed nitsanasraf closed 2 years ago

nitsanasraf commented 2 years ago

To initialize the agora kit engine I need to call this method on the client side: AgoraRtcEngineKit.sharedEngine(withAppId: APP_ID, delegate: self) But what if I want to store my APP_ID on the server side, and not send it to the client side in order to protect my API keys? Can it be achieved?

plutoless commented 2 years ago

of course. you can request from your server your appid and use that to initialize your rtc engine instance. to achieve better security, take a look at here https://docs.agora.io/en/live-streaming-premium-legacy/token_server?platform=iOS

nitsanasraf commented 2 years ago

@plutoless yes that’s what I’m doing at the moment. The issue is that the endpoint on the server for requesting the appid could be compromised and this could lead to my keys being stolen, that’s why I was wondering if there’s a way to not need the appid at all at the client side which will reduce the risk of stealing my api keys

plutoless commented 2 years ago

as i mentioned above, you can use token approach which is more secure compared to appid approach

nitsanasraf commented 2 years ago

Oh sorry, didn’t catch that. thank you !