Unable to create session even though API key and secret are valid

Create session via REST API or Server SDK failed with HTTP 403.
Using the same API key and secret successfully created session and token on Playground.

Possible questions

  • We have been using Vonage / TokBox API for video session for the last 3 years. However, today, we are not able to connect sessions. We are getting “Blank Token & Session id error”.
  • We are unable to create session / token suddenly, without changing our code.
  • We are unable to connect to session. Everything was working well until now.
  • We cannot access the platform. Nothing changed on our side.

Context

Unable to create session via REST API or Server SDK, and a HTTP 403 (Forbidden) response was obtained, with an error message like the following:

-1 issued time cannot be greater than current time

Using OpenTok Playground tool to generate a session id and token with the same API key and secret was successful, thus demonstrating both API key and secret were valid.

Answer

Calling the OpenTok create session API requires adding a POST header field (X-OPENTOK-AUTH) with the value being a JSON web token (JWT) for authentication.

One of the claims of the JWT is "iat", which is the "issued at" claim that identifies the time at which the JWT was issued.
If the iat value is greater than current time, the JWT and the create session request would fail, resulting in an authentication error (403).

Please check the generation of the iat value on the machine doing the session creation.


There are different possible causes that may result in an invalid time value, such as:

  • Error in machine's system time.
  • Using the wrong time zone.
  • Error in server code generating iat value.

However, if no changes were made to application code recently, then it is likely that the error was due to incorrect system time, which could have drifted over time or had been changed by some other process.
If the machine's system time had become inaccurate, you can consider syncing it with an accurate internet time server, for e.g., the NIST internet time server.
For Mac or Linux OS, you may do this with the following command:

sudo ntpdate time.nist.gov

For time service on Windows, this article provides more information.

Have more questions? Submit a request