Can you lock Network Traversal Service tokens to specific domain?
I'm following the example at: https://www.twilio.com/docs/stun-turn/api in order to generate some tokens. These tokens are sent clientside and used to set up a webrtc video/audio/data connection.
I was wondering if there was a way to lock the generated tokens such that they can only be used for requests originating at a specific domain?
My concern is that someone could extract the tokens I send to the client (e.g.
my-video-calls.com). They could then set up their own webrtc connection on a service they run (e.g.
massive-file-sharing.com). They'd thus be able to "steal" my bandwidth while I bare the cost at Twilio. This does of course assume that the data would be passing through a TURN server.
- 20 All Categories
- 107 Product Discussions
- 5 Community - Announcements
- 1 Changelog
- 3 Forum UI Updates
- 6 Welcome Guide
- 4 Community - Events
- 1 External Community Events
- 2 Twilio Relay Developer Conference 2021 Mega Thread
- 1 TwilioQuest Contest!
- 4 Inspiration
- 1 Community - Other Discussions
- Community- Twilio Startups