Using PlaybackGrant at Scale
We are no longer allowing new customers to onboard to Twilio Live. Effective November 30, 2023, Twilio Live will End of Life. We have created this Migration Guide to help you identify an alternative solution for your use case.
Overview
Some applications need to serve multiple concurrent authentication requests in a small time window. As explained in Limits, a very large number of concurrent requests to the PlaybackGrant endpoint may result in request throttling.
This guide describes how to generate playback grants at scale and avoid being throttled by the Twilio API. This solution leverages the capability of reusing the playback grant among different players and giving the grant a maximum allowed TTL of 60 seconds.
Contents
Get a playback grant
The grant must be generated as explained in PlaybackGrant
curl -X POST 'https://media.twilio.com/v1/PlayerStreamers/VJXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/PlaybackGrant' \
-u 'SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:your_api_key_secret' \
-d 'Ttl=60' \
-d 'AccessControlAllowOrigin=https://www.mydomain.com'
{
"url": "https://media.twilio.com/v1/PlayerStreamers/VJXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/PlaybackGrant",
"account_sid": "ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"sid": "VJXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"grant": "<the playback grant>",
"date_created": "2021-04-22T10:30:54Z"
}
Generate and sign a Twilio Access Token
The next step consists in generating and signing a Twilio Access Token with the grant obtained in the previous step. This token is consumed by the SDK in the frontend application to initialise the player.
The Twilio Access Token can be generated using any of the availiable Twilio Helper Libraries, depending on the programming language. What follows is an example on how to generate the token in Java.
com.twilio.jwt.Jwt token = new com.twilio.jwt.accesstoken.AccessToken.Builder(
$twilioAccountSid,
$twilioApiKey,
$twilioApiSecret
)
.identity($identity)
.grant(new PlayerGrant.Builder($playback\_grant).build());
Authentication at scale
For each player, the application has to generate a unique Twilio Access Token. However, the grant can be cached and reused as long as it remains valid.
Therefore, it is advised to cache and reuse a grant and generate multiple tokens with the same grant within its TTL. This way, the application can prevent being throttled by making multiple requests to Twilio API. As indicated in PlaybackGrant, the TTL of the grant can be defined by the application for up to 60 seconds.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.
