Can you lock Network Traversal Service tokens to specific domain?

04ngiaibnac0993
edited July 16 in Video & WebRTC

Hello.

I'm following the example at: https://www.twilio.com/docs/stun-turn/api in order to generate some tokens. These tokens are sent clientside and used to set up a webrtc video/audio/data connection.

I was wondering if there was a way to lock the generated tokens such that they can only be used for requests originating at a specific domain?

My concern is that someone could extract the tokens I send to the client (e.g. my-video-calls.com). They could then set up their own webrtc connection on a service they run (e.g. massive-file-sharing.com). They'd thus be able to "steal" my bandwidth while I bare the cost at Twilio. This does of course assume that the data would be passing through a TURN server.

Cheers,

Tagged:

Answers

Sign In or Register to comment.