
Janus

Your server mints an ephemeral token from the credentials API and writes it into Janus's nat{} block. Refresh the token before its TTL expires.

Inject the ephemeral token

Fetch a token server-side (see the credentials API), then set Janus's TURN user/password to the returned username/credential. The long-lived API key stays on your server — it is never placed in janus.jcfg.

janus.jcfg — nat{}
nat: {
  turn_server = "relay.usebaton.io"
  turn_port = 443
  turn_type = "tls"            # TURN over TLS (turns:) on 443; "tcp" would be plain TCP
  # ephemeral token from POST /v1/credentials — refresh before TTL expiry
  turn_user = "1718200000:project_ab12"
  turn_pwd  = "<ephemeral-credential>"
}

Keep tokens fresh

Because tokens are short-lived, automate the rewrite-and-reload with a small server-side job that calls the credentials API on a schedule tied to your chosen TTL, so a new token is in place before the old one expires. The API key is used only by that job and is never written into the Janus config.
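
One way to write that job, as an added example (not Baton's or Janus's own code): it fetches a token, swaps only the turn_user/turn_pwd lines, and replaces janus.jcfg atomically with owner-only permissions. Assumptions not taken from this page: the API host, Bearer authentication, the "ttl" request field, the BATON_API_KEY and JANUS_RELOAD_CMD environment variable names, and that the job runs as the same user as Janus.

```python
import json, os, re, subprocess, tempfile, urllib.request

# Assumptions (not on the page): API host, Bearer auth, "ttl" request field,
# and the BATON_API_KEY / JANUS_RELOAD_CMD environment variable names.
API_URL = "https://api.example.invalid/v1/credentials"

def fetch_credentials(api_key, ttl):
    """POST /v1/credentials and return (username, credential)."""
    req = urllib.request.Request(
        API_URL, data=json.dumps({"ttl": ttl}).encode(), method="POST",
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = json.load(resp)
    return body["username"], body["credential"]

def render(config_text, username, credential):
    """Swap turn_user/turn_pwd in place; refuse anything ambiguous or unsafe."""
    for key, value in (("turn_user", username), ("turn_pwd", credential)):
        # A quote, backslash or newline could break out of the jcfg string.
        if not value or re.search(r'["\\\r\n]', value):
            raise ValueError(f"unsafe value for {key}")
        pattern = re.compile(rf'^(\s*{key}\s*=\s*)"[^"\n]*"', re.M)
        config_text, count = pattern.subn(
            lambda m, v=value: f'{m.group(1)}"{v}"', config_text)
        if count != 1:  # commented-out lines do not count as active
            raise ValueError(f"expected one active {key} line, found {count}")
    return config_text

def write_atomic(path, text):
    """Write via a 0600 temp file in the same directory, then rename over path."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.replace(tmp, path)  # readers never see a half-written file
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)

def refresh(path, ttl):
    """One refresh cycle; schedule it more often than the TTL."""
    api_key = os.environ["BATON_API_KEY"]  # stays in the job's environment
    with open(path) as fh:
        current = fh.read()
    username, credential = fetch_credentials(api_key, ttl)
    write_atomic(path, render(current, username, credential))
    subprocess.run(os.environ["JANUS_RELOAD_CMD"].split(), check=True)
```

Call refresh() from a cron entry or systemd timer; if the API call or the rewrite fails, the existing config is left untouched and the job exits with an error you can alert on.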