Generate TURN credentials
Cloudflare will issue TURN keys, but these keys cannot be used as credentials with turn.cloudflare.com. To use TURN, you need to create credentials with a expiring TTL value.
Create a TURN key
To create a TURN credential, you first need to create a TURN key using Dashboard, or the API.
You should keep your TURN key on the server side (don’t share it with the browser/app). A TURN key is a long-term secret that allows you to generate unlimited, shoter lived TURN credentials for TURN clients.
With a TURN key you can:
- Generate TURN credentials that expire
- Revoke previously issued TURN credentials
Create credentials
You should generate short-lived credentials for each TURN user. In order to create credentials, you should have a back-end service that uses your TURN Token ID and API token to generate credentials. It will make an API call like this:
The JSON response below can then be passed on to your front-end application:
Use username and credential as follows when instantiating the RTCPeerConnection:
The ttl value can be adjusted to expire the short lived key in a certain amount of time. This value should be larger than the time you’d expect the users to use the TURN service. For example, if you’re using TURN for a video conferencing app, the value should be set to the longest video call you’d expect to happen in the app.
When using short-lived TURN credentials with WebRTC, credentials can be refreshed during a WebRTC session using the RTCPeerConnection
setConfiguration() API.
Revoke credentials
Short lived credentials can also be revoked before their TTL expires with a API call like this: