Skip to main content
Version: iOS 1.0.12


In order to communicate with our infrastructure, you need to setup a session and initialize VideoKit with an API token for your App.

To enhance security, VideoKit supports two authentication mechanisms to verify users before accessing our video services: App ID or by Session Token.

API TokenOne Token for all requestsLow security since App Token needs to be shipped with your client builds and could be taken over by reverse engineering your build.
Session TokenEvery client gets their own session tokenHigh security because every client retrieves their own authentication token through your backend.

Get API Token for your App#

First, you need to access your secret API token that consists of your App ID and a specific Token for authenticating with our backend.

To retrieve your token, login to and navigate to Apps → Your App → API TOKEN.

API Token Authentication (less secure)#

Go to your AppDelegate and import VideoKitCore.

import VideoKitCore

Call VKSession.current.start from your AppDelegates didFinishLaunchingWithOptions:

func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]?) -> Bool {
apiToken: "",
identity: "a-unique-id-representing-the-user-or-device") { (sessionState, sessionData, error) in
if let error = error {
print("Session error.")
print("Session initialization successful.")

You should now be authenticated and ready to use VideoKit.

Please be aware that this authentication method is not secure and only recommended for development purposes. We recommend to only use the more secure Session Token Authentication in your production environment.

Session ID Authentication (more secure)#

Go to your AppDelegate and import VideoKitCore.

import VideoKitCore

Retreive Session Token from your Backend#

In order to generate a user session securely, you will need to implement a backend service that knows the API token and is in charge of your user's session management.

To get an idea of how it works, please take a look at our example written in Node.js:

// This code needs to be adapted to reflect your backend scenario
struct SessionResponse: Decodable {
var sessionToken: String
if let url = URL(string: "") {
URLSession.shared.dataTask(with: url) { data, response, error in
if let data = data {
do {
let res = try JSONDecoder().decode(SessionResponse.self, from: data)
let sessionToken = res.sessionToken
// Use session Token for sign in
} catch let error {

Sign in with Session Token#

VKSession.current.start(sessionToken: "retrieved-session-token")

Node.js Express backend example#

Here is a simple example using a Node.js express server:

const { VKitClient } = require('@video-io/videokit-nodejs')
const express = require('express')
const app = express()
const port = 3000
const vkit = new VKitClient({
appSecret: 'YOUR_APP_TOKEN'
app.get('/token', async (req, res) => {
const { sessionToken, expiresAt, identity } = await vkit.getSessionToken('END_USER_ID')
res.send(`{"sessionToken": ${sessionToken}`)
app.get('/', (req, res) => {
res.send('Session Service')
app.listen(port, () => {
console.log(` session service listening on http://localhost:${port}`)

Working example:

Last updated on by Mattia Iavarone