Understanding TURN REST API for coturn

[Andrew Judson]

I had a few questions about this option. I intend to use coturn solely as a TURN server for a WebRTC app when STUN fails.

1. I see that we are encoding the timestamp into a token, using the secret key. How long before that token is not valid? I didn't see an option to adjust whatever this interval is.

2. Do I need to explicitly do anything else server side to start using this besides setting "--static-auth-secret SECRET --use-auth-secret"? Not sure if I need to do anything with the database. I don't care about storing any sort of long term state or setting other permissions, just providing a way to do time limited access to the TURN server.

3. What should I set the realm to if I only want a single realm that everything can use?

4. Do I need to do anything client side besides including the server url, username (the timestamp) and temporary password we got from the HMAC'd secret in the iceservers object for the RTCPeerConnection? The README for the TURN REST API for coturn describes a series of steps after getting this temporary password - it isn't clear to me if this is something that the browser automatically handles, or that we need to manually write client side code to handle.

[Julio Spinelli]

Once you get the Unix time you add to it the time to live. Just make sure then clocks in the restbapi server and in the turn server are in sync or that you account for any offsets

You will find this question and answers illuminating.