Starter Deal! First 3 month from only  $9.9 /month!
Starter Deal! First 3 month from only  $9.9 /month!
Grab It Now 
Call
  • Overview
  • Web
    • Run Sample Demo
    • Integration
      • Web&H5 (React)
      • Web&H5 (Vue3)
    • AI Noise Suppression
    • Virtual Background
    • UI Customization
    • On-Cloud Recording
    • More Features
      • Configuring Nicknames and Avatars
      • Configure Resolution and Fill Mode
      • Group Call
      • Floating Window
      • Custom Ringtone
      • Monitoring Call Status
    • API Documentation
      • API Overview
      • TUICallKit
      • TUICallEngine
      • TUICallEvent
    • Server APIs
      • Call Status Callback
        • Call Status Callback
        • Call Event Callback
        • Callback Configuration
          • API List for Callback Configuration
          • Establishing Callback Configuration
          • Retrieving Callback Configuration
          • Update Callback Configuration
          • Remove Callback Configuration
      • REST API
        • Introduction to REST API
        • Retrieve records via callId
        • Retrieve Records Based on Conditions
    • Release Notes
  • Android
    • Run Sample Demo
    • Integration
    • AI Noise Suppression
    • Virtual Background
    • UI Customization
    • Offline Call Push
    • On-Cloud Recording
    • More Features
      • Configuring Nicknames and Avatars
      • Group Call
      • Floating Window
      • Custom Ringtone
      • Monitoring Call Status
    • API Documentation
      • API Overview
      • TUICallKit
      • TUICallEngine
      • TUICallObserver
      • Type Definition
    • Server APIs
      • Call Status Callback
        • Call Status Callback
        • Call Event Callback
        • Callback Configuration
          • API List for Callback Configuration
          • Establishing Callback Configuration
          • Retrieving Callback Configuration
          • Update Callback Configuration
          • Remove Callback Configuration
      • REST API
        • Introduction to REST API
        • Retrieve records via callId
        • Retrieve Records Based on Conditions
    • Release Notes
  • iOS
    • Run Sample Demo
    • Integration
    • AI Noise Suppression
    • Virtual Background
    • UI Customization
    • Offline Call Push
      • VoIP
      • APNs
    • On-Cloud Recording
    • More Features
      • Configuring Nicknames and Avatars
      • Group Call
      • Floating Window
      • Custom Ringtone
      • Monitoring Call Status
    • API Documentation
      • API Overview
      • TUICallKit
      • TUICallEngine
      • TUICallObserver
      • Type Definition
    • Server APIs
      • Call Status Callback
        • Call Status Callback
        • Call Event Callback
        • Callback Configuration
          • API List for Callback Configuration
          • Establishing Callback Configuration
          • Retrieving Callback Configuration
          • Update Callback Configuration
          • Remove Callback Configuration
      • REST API
        • Introduction to REST API
        • Retrieve records via callId
        • Retrieve Records Based on Conditions
    • Release Notes
  • Flutter
    • Run Sample Demo
    • Integration
    • AI Noise Suppression
    • Virtual Background
    • UI Customization
    • offline Call Push
      • Notification
      • VoIP (Optional)
    • On-Cloud Recording
    • More Features
      • Configuring Nicknames and Avatars
      • Group Call
      • Floating Window
      • Beauty Effects
      • Custom Ringtone
      • Monitoring Call Status
    • API Documentation
      • API Overview
      • TUICallKit
      • TUICallEngine
      • TUICallObserver
      • Type Definition
    • Server APIs
      • Call Status Callback
        • Call Status Callback
        • Call Event Callback
        • Callback Configuration
          • API List for Callback Configuration
          • Establishing Callback Configuration
          • Retrieving Callback Configuration
          • Update Callback Configuration
          • Remove Callback Configuration
      • REST API
        • Introduction to REST API
        • Retrieve records via callId
        • Retrieve Records Based on Conditions
    • Upgrading
    • Release Notes
  • Overview
    • Overview
  • Activate the Service
  • Pricing
    • Call Monthly Packages
    • Pay-As-You-Go
    • Free Minutes
  • ErrorCode
  • FAQs
    • All Platform
      • FAQs
      • UserSig
    • Web
    • Flutter
    • iOS
    • Android
Call

UserSig

What is UserSig?

UserSig is a security signature designed by Tencent Cloud to prevent attackers from accessing your Tencent Cloud account.
Currently, Tencent Cloud services including TRTC, Chat, and MLVB all use this security mechanism. To use these services, you must pass in three parameters - SDKAppID, UserID, and UserSig - to the initialization or login API of the corresponding SDK.
SDKAppID identifies an application.
UserID identifies a user.
UserSig is a security signature generated based on SDKAppID and UserID using the HMAC SHA256 encryption algorithm. Attackers cannot use your Tencent Cloud traffic as long as they don’t have UserSig.

Generate UserSig for Demo Run

Generate UserSig on Client Side

1. Get the SDKAppID and SDKSecretKey     1. Sign in to the TRTC console.     2. Find your application, and if not, create a new one.     3. Copy the SDKAppID and SDKSecretKey on Basic Information.



2. Generate UserSig We offer source code for generating UserSig on different platforms.
Platform
Code
Relative Path
Web
Github
TRTC_Web/quick-demo-js/js/libs/generateTestUserSig.js
iOS
GitHub
TRTC-API-Example-OC/Debug/GenerateTestUserSig.h
macOS
GitHub
OCDemo/TRTCDemo/TRTC/GenerateTestUserSig.h
Android
GitHub
TRTC-API-Example/Debug/src/main/java/com/tencent/trtc/debug/GenerateTestUserSig.java
Windows (C++)
GitHub
TRTC-API-Example-C++/TRTC-API-Example-Qt/src/Util/defs.h
Windows (C#)
GitHub
TRTC-API-Example-CSharp/TRTC-API-Example-CSharp/GenerateTestUserSig.cs
Flutter
Github
TRTC-API-Example/lib/Debug/GenerateTestUserSig.dart
We provide an open-source module called GenerateTestUserSig in the TRTC SDK sample code. Set the three member variables of SDKAPPID, EXPIRETIME, and SECRETKEY, and you will be able to call genTestUserSig() to generate the UserSig and get started quickly.



Generate UserSig on TRTC Console

2. Select your application (SDKAppID) from the drop-down list. A SecretKey will be generated automatically.
3. Input a UserID and click Generate.
Caution
Client-side UserSig generation are only suitable for debugging and running demo. It’s not recommended for official launch because SecretKey in the client code (especially on the web) may be easily decompiled and reversed. If your key is leaked, attackers can steal your Tencent Cloud traffic.
The correct method is to deploy the UserSig generation code on your project server so that your application can request from your server a UserSig that is generated whenever one is needed.

Generate UserSig on Server Side for Production Environment

In a production environment, server-side UserSig generation offers stronger protection against key leakage because it is more difficult to hack a server than it is to reverse engineer an application. See below for detailed steps:

1. Before your application calls the initialization API of the SDK, request UserSig from your server.
2. Your server will generate a UserSig based on the SDKAppID, SecretKey and UserID using the server code in the table below.
3. The server returns the UserSig to your application.
4. Your application sends the UserSig to the SDK through a specific API.
5. The SDK submits the SDKAppID, UserID and UserSig to the Tencent Cloud server for verification.
6. Tencent Cloud verifies the validity of the UserSig.
7. If the UserSig is valid, services will be provided to the TRTC SDK.



To simplify your implementation process, we provide UserSig generation source code (new algorithm) in multiple languages.
Language
Algorithm
Key API
Download Link
Java
HMAC-SHA256
genSig
GitHub
GO
HMAC-SHA256
GenSig
GitHub
PHP
HMAC-SHA256
genSig
GitHub
Node.js
HMAC-SHA256
genSig
GitHub
Python
HMAC-SHA256
genSig
GitHub
C#
HMAC-SHA256
GenSig
GitHub

UserSig Generation Source Code Using the Legacy Algorithm

To simplify the signature genertaion process and facilitate your use of Tencent Cloud services, on July 19, 2019, TRTC switched from ECDSA-SHA256 to the new signature algorithm HMAC-SHA256. This means that all applications (SDKAppID) created on and after July 19, 2019 will use the new HMAC-SHA256 algorithm.

If your application (SDKAppID) was created before July 19, 2019, you can continue to use the old signature algorithm, whose source code can be downloaded below.
Language
Signature Algorithm
Download Link
Java
ECDSA-SHA256
GitHub
C++
ECDSA-SHA256
GitHub
GO
ECDSA-SHA256
GitHub
PHP
ECDSA-SHA256
GitHub
Node.js
ECDSA-SHA256
GitHub
C#
ECDSA-SHA256
GitHub
Python
ECDSA-SHA256
GitHub