Use this SDK to manage LiveKit rooms and create access tokens from your JavaScript/Node.js backend.
[!NOTE] This is v2 of the server-sdk-js which runs in NodeJS, Deno and Bun! (It theoretically now also runs in every major browser, but that's not recommended due to the security risks involved with exposing your API secrets) Read the migration section below for a detailed overview on what has changed.
pnpm add livekit-server-sdk
yarn add livekit-server-sdk
npm install livekit-server-sdk --save
You may store credentials in environment variables. If api-key or api-secret is not passed in when creating a RoomServiceClient or AccessToken, the values in the following env vars will be used:
LIVEKIT_API_KEYLIVEKIT_API_SECRETCreating a token for participant to join a room.
import { AccessToken } from 'livekit-server-sdk';
// if this room doesn't exist, it'll be automatically created when the first
// client joins
const roomName = 'name-of-room';
// identifier to be used for participant.
// it's available as LocalParticipant.identity with livekit-client SDK
const participantName = 'user-name';
const at = new AccessToken('api-key', 'secret-key', {
identity: participantName,
});
at.addGrant({ roomJoin: true, room: roomName });
const token = await at.toJwt();
console.log('access token', token);
By default, the token expires after 6 hours. you may override this by passing in ttl in the access token options. ttl is expressed in seconds (as number) or a string describing a time span vercel/ms. eg: '2 days', '10h'.
It's possible to customize the permissions of each participant:
const at = new AccessToken('api-key', 'secret-key', {
identity: participantName,
});
at.addGrant({
roomJoin: true,
room: roomName,
canPublish: false,
canSubscribe: true,
});
This will allow the participant to subscribe to tracks, but not publish their own to the room.
RoomServiceClient gives you APIs to list, create, and delete rooms. It also requires a pair of api key/secret key to operate.
import { Room, RoomServiceClient } from 'livekit-server-sdk';
const livekitHost = 'https://my.livekit.host';
const svc = new RoomServiceClient(livekitHost, 'api-key', 'secret-key');
// list rooms
svc.listRooms().then((rooms: Room[]) => {
console.log('existing rooms', rooms);
});
// create a new room
const opts = {
name: 'myroom',
// timeout in seconds
emptyTimeout: 10 * 60,
maxParticipants: 20,
};
svc.createRoom(opts).then((room: Room) => {
console.log('room created', room);
});
// delete a room
svc.deleteRoom('myroom').then(() => {
console.log('room deleted');
});
The JS SDK also provides helper functions to decode and verify webhook callbacks. While verification is optional, it ensures the authenticity of the message. See webhooks guide for details.
LiveKit POSTs to webhook endpoints with Content-Type: application/webhook+json. Please ensure your server is able to receive POST body with that MIME.
Check out example projects for full examples of webhooks integration.
import { WebhookReceiver } from 'livekit-server-sdk';
const receiver = new WebhookReceiver('apikey', 'apisecret');
// In order to use the validator, WebhookReceiver must have access to the raw POSTed string (instead of a parsed JSON object)
// if you are using express middleware, ensure that `express.raw` is used for the webhook endpoint
// app.use(express.raw({type: 'application/webhook+json'}));
app.post('/webhook-endpoint', async (req, res) => {
// event is a WebhookEvent object
const event = await receiver.receive(req.body, req.get('Authorization'));
});
Because the jsonwebtoken lib got replaced with jose, there are a couple of APIs that are now async, that weren't before:
const at = new AccessToken('api-key', 'secret-key', {
identity: participantName,
});
at.addGrant({ roomJoin: true, room: roomName });
// v1
// const token = at.toJWT();
// v2
const token = await at.toJwt();
// v1
// const grants = v.verify(token);
// v2
const grants = await v.verify(token);
app.post('/webhook-endpoint', async (req, res) => {
// v1
// const event = receiver.receive(req.body, req.get('Authorization'));
// v2
const event = await receiver.receive(req.body, req.get('Authorization'));
});
Egress request types have been updated from interfaces to classes in the latest version. Additionally, oneof fields now require an explicit case field to specify the value type.
For example, to create a RoomComposite Egress:
// v1
// const fileOutput = {
// fileType: EncodedFileType.MP4,
// filepath: 'livekit-demo/room-composite-test.mp4',
// s3: {
// accessKey: 'aws-access-key',
// secret: 'aws-access-secret',
// region: 'aws-region',
// bucket: 'my-bucket',
// },
// };
// const info = await egressClient.startRoomCompositeEgress('my-room', {
// file: fileOutput,
// });
// v2 - current
const fileOutput = new EncodedFileOutput({
filepath: 'dz/davids-room-test.mp4',
output: {
case: 's3',
value: new S3Upload({
accessKey: 'aws-access-key',
secret: 'aws-access-secret',
bucket: 'my-bucket',
}),
},
});
const info = await egressClient.startRoomCompositeEgress('my-room', {
file: fileOutput,
});