Skip to content

Host protection


In the configuration file app/src/config.js, you can enable security measures for your video conferencing room using the following parameters:

  • host.protected: Set to true to require the host to provide a valid username and password during room initialization. Default is false.
  • host.user_auth: Set to true to enable user authentication for hosts. Default is false.
  • host.users: A JSON array containing user objects with usernames and passwords for valid users.

Example Configuration:

host: {
    protected: true,
    user_auth: false,
    users: [
        { username: 'username', password: 'password' },
        { username: 'username2', password: 'password2' },
        // Add more users as needed

Host Protection Logic:

If host.protected is set to true, the following logic applies:

  1. Host login with username and password is required.
  2. Upon successful login, the IP is saved as a valid authentication IP.
  3. After authentication, the host can create a room, join a room, and share the room link.
  4. All guests can join until the host logs out.
  5. When the host leaves the room or exits the browser, their IP is removed from valid auth IPs to prevent unauthorized access.
  6. To access it again, the host needs to provide a username and password.

If host.user_auth is set to true, additional authentication is required.


The token will be stored in your browser's window.sessionStorage.peer_token with a default expiration time of 1 hour, which can be specified in the app/src/config.js file or generated by API

Room Initialization

To bypass the login page and join a room, use the following URL with parameters:

Participant Room Entry

When host.protected is enabled:

Participants can join after host authentication using the URL path:

Alternatively, use query parameters for additional settings:

User Authentication for Participants:

When host.user_auth is enabled:

Participants will be prompted to log in before accessing the room


Participants can also join by directly accessing the URL path, bypassing the need for login credentials using the URL path:

Alternatively, use query parameters for additional participant settings: