Skip to main content

Overview

This guide provides comprehensive best practices for implementing the akool-streaming-avatar-sdk package securely and efficiently. When implementing a JavaScript SDK that interacts with sensitive resources or APIs, it is critical to ensure the security of private keys, tokens, and other sensitive credentials. Key Security Principles:
  • Never expose private keys in client-side code
  • Use short-lived session tokens
  • Delegate authentication to a backend server
  • Implement proper error handling and logging
  • Follow secure coding practices for real-time communication
Package Information:

Prerequisites

  • Get your Akool API Token from Akool Authentication API
  • Basic knowledge of backend services and internet security
  • Understanding of JavaScript and HTTP requests
  • Node.js 14+ (for development)
  • Modern browser with WebRTC support

Security Best Practices

1. Backend Session Management

❌ Never do this (Client-side token exposure):
✅ Do this instead (Secure backend delegation):

2. Backend Implementation Example

Create secure endpoints in your backend to handle sensitive operations:
  1. Sign up functions for steaming events and button click events:

Additional Resources