Advice please - how to call an api that authenticates and creates a room

Hi All,
Firstly - big thanks to Jitsi community - it’s a fab conferencing platform.

I have a self-hosted card game webite, and I have integrated a Jitsi iFrame which links to a self-hosted Jitsi server instance (Audio only). The purpose being to let players in a card game session to be able to chat whilst playing.

The above works well. The card game website creates a unique session id which is then used to define a “room” name which each player’s browser then connects with.

The downside of this arrangement is that the Jitsi server is setup to open a room without any security / password arrangement. I know I could enforce a password - but this too would be exposed to the user’s browser.

What I would prefer to do is:- Have my card game server backend send to my Jitsi server an authenticated request to create a “room”. Then I can pass the room id to the game clients and have them connect as per current practice. This would effectively prevent any annonemous rooms being created by any third parties.

At present, I host Jitsi on a different server than the game - but they could conveivably be hosted on one server.

Any ideas??

For that you can configure your deployment to use jwt tokens and lock it to be used only with those. This way your other server can create them and use the iframeApi to open the rooms with the generated jwt

Many thanks! I need to read up on jwt. Sounds like a good solution. :+1: