Can you lock Network Traversal Service tokens to specific domain?

edited July 16 in Video & WebRTC


I'm following the example at: in order to generate some tokens. These tokens are sent clientside and used to set up a webrtc video/audio/data connection.

I was wondering if there was a way to lock the generated tokens such that they can only be used for requests originating at a specific domain?

My concern is that someone could extract the tokens I send to the client (e.g. They could then set up their own webrtc connection on a service they run (e.g. They'd thus be able to "steal" my bandwidth while I bare the cost at Twilio. This does of course assume that the data would be passing through a TURN server.




Sign In or Register to comment.