Troubleshooting Invalid JWT When Creating a Video Session using REST API

Symptom

When you attempt to create a Vonage Video API session through the REST API, sending a POST request that carries a JSON web token (JWT) in the X-OPENTOK-AUTH header for authentication, you receive an HTTP 403 (Forbidden) response status code.

Applies To

  • Vonage Video API
  • REST API
  • JSON web token (JWT)
  • HTTP 403 response

Resolution

Creating a JWT with incorrect API Key and API Secret

Using a JWT created with an incorrect API key or API secret in the X-OPENTOK-AUTH header results in an HTTP 403 response from the REST API call used to create the session. Examples of the error response messages are as follows:

Incorrect API Key

{"code":-1,"message":"Issuer not found","description":"Issuer not found"}

Incorrect API Secret

{"code":-1,"message":"Invalid signature","description":"Invalid signature"}

To avoid this, ensure that you are using the correct API key of your OpenTok project as defined in your Vonage Video API Account.


Creating a JWT with inaccurate "ist" claim value

Using a JWT created with an invalid "ist" claim value results in an HTTP 403 response from the REST API call used to create the session.

"ist" is one of the JWT claims required to generate a valid JWT for an OpenTok REST API call. This claim specifies whether the JWT is generated for a project-related or an account-related REST method. It has two possible values, as explained in https://tokbox.com/developer/rest/#authentication. A common mistake is to set the "ist" value to the name of your Vonage Video API project. An example of the error response message is as follows:

{"code":-1,"message":"Invalid signature","description":"Invalid signature"}

To avoid this, make sure to set the "ist" claim to "project" for the OpenTok project REST call.

 "ist": "project"


Creating a JWT with incorrect "iat" claim value

One of the claims of the JWT is "iat" which is the "issued at" claim that identifies the time at which the JWT was issued. If the "iat" value is greater than the current time, the JWT and the create session request would fail, resulting in an authentication error (403).
More information about the "iat" claim is available in the article "Unable to create session even though API key and secret are valid".
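
A local pre-flight check for the three causes above, as an added example that is not part of the original article or Vonage's own code. It assumes HS256 signing and an "iss" claim carrying the API key, as described in the linked authentication documentation; the function names are hypothetical, and any key or secret passed in should be your project's own.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: str, signing_input: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def make_jwt(claims: dict, secret: str) -> str:
    """Build an HS256 JWT (helper used here to construct sample tokens)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(secret, f'{head}.{body}'))}"

def diagnose(token: str, api_key: str, api_secret: str, now=None) -> list:
    """List the problems that would produce the 403 responses described above."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        got = _unb64(sig)
        if not isinstance(claims, dict):
            raise ValueError("payload is not a JSON object")
    except ValueError:
        return ["token is not a well-formed JWT"]
    problems = []
    # Wrong API secret: the HMAC over header.payload will not match.
    if not hmac.compare_digest(_sign(api_secret, f"{head}.{body}"), got):
        problems.append("signature does not match the API secret")
    # Wrong API key: assumed to be carried in "iss" ("Issuer not found").
    if str(claims.get("iss")) != str(api_key):
        problems.append("iss is not the project API key")
    # "ist" must be the literal string "project", not the project's name.
    if claims.get("ist") != "project":
        problems.append('ist must be "project"')
    # "iat" later than the current time is rejected; check the local clock.
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or iat > now:
        problems.append("iat is missing or in the future")
    return problems
```

Because the server reports a wrong "ist" value and a wrong secret with the same "Invalid signature" message, running diagnose() on the token before sending it tells the two apart.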

Additional Information

For more information on REST API and JWT, see the Vonage Video API REST API reference developer documentation.
