Skip to content

LiveKitAPI entrypoint, ability to use a token instead of api key/secret#695

Open
davidzhao wants to merge 5 commits into
mainfrom
dz/livekitapi
Open

LiveKitAPI entrypoint, ability to use a token instead of api key/secret#695
davidzhao wants to merge 5 commits into
mainfrom
dz/livekitapi

Conversation

@davidzhao

@davidzhao davidzhao commented Jul 4, 2026

Copy link
Copy Markdown
Member
  • added a LiveKitAPI class to reduce overhead of accessing services
  • ability to use token based auth instead of requiring API key/secret
  • full api smoke tests to ensure correct token permissions, request encoding
  • added SIPCallError
  • renamed error class to ServerError

- added a LiveKitAPI class to reduce overhead of accessing services
- ability to use token based auth instead of requiring API key/secret
- comprehensive api testing
- added SIPCallError
@changeset-bot

changeset-bot Bot commented Jul 4, 2026

Copy link
Copy Markdown

🦋 Changeset detected

Latest commit: 9d4c580

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
livekit-server-sdk Minor
agent-dispatch Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@davidzhao davidzhao requested review from 1egoman and lukasIO July 4, 2026 19:48

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

Open in Devin Review

devin-ai-integration[bot]

This comment was marked as resolved.

devin-ai-integration[bot]

This comment was marked as resolved.

The generated src/version.ts tripped the REUSE license check (no SPDX header)
and Prettier, and committing it isn't the repo convention — livekit-rtc
gitignores its generated version.ts. Gitignore and prettier-ignore it, untrack
it, and have the Test API workflow run `prebuild` to generate it before the
tests (the main CI test job already builds first, which generates it). Also fix
import ordering in TwirpRPC.test.ts.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
LiveKitAPI fell back to process.env.LIVEKIT_TOKEN unconditionally, so a token in
the environment silently shadowed an explicitly passed apiKey/secret (authHeader
sends a token verbatim, skipping signing). Only fall back to LIVEKIT_TOKEN when
no explicit credentials were given, and add a regression test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
/** API secret. Falls back to the `LIVEKIT_API_SECRET` env var. */
secret?: string;
/** Pre-signed token, sent verbatim. Falls back to the `LIVEKIT_TOKEN` env var. */
token?: string;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a scenario in which we'd want to allow all three to be set together?
If not, it would be nice if the types reflect a "either keys or token" approach


readonly #agentDispatch: AgentDispatchClient;

readonly #connector: ConnectorClient;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the livekit-server-sdk doesn't use # as private fields. They also have a couple of downsides. Would prefer these to be regular private fields

*
* @example
* ```ts
* const api = new LiveKitAPI('https://my.livekit.cloud', { apiKey, secret });

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: if all of host, key and secret can be set via env vars, I wonder why the API here pulls out the host to be its own parameter? (those three always come together in a bundle in our docs/sdks)

Comment on lines 55 to +59
async authHeader(grant: VideoGrant, sip?: SIPGrant): Promise<Record<string, string>> {
// A pre-signed token is sent verbatim; the caller is responsible for its grants.
if (this.token) {
return { Authorization: `Bearer ${this.token}` };
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion: It might be nice to expose here some sort of event the caller can use to determine if the token is expired or not. And if it is expired, then give the caller the ability to potentially regenerate it before actually making the API request.

This sets the stage well for a future TokenSource type integration (once that is officially added to node) nicely.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants