Skip to main content

Private Rooms and Authenticating users via access token

In this guide, we will explain how you can create a private meeting room and authenticate users via access tokens.

In this guide, we will explain what are private and public meetings are, what are access tokens and how to generate them and authenticate the users with them.


Public rooms are the rooms that anyone can join.

Private rooms require an access token to join.

Access Tokens can be generated via the Metered REST API and can also be used to add special metadata to each user like externalUserId or some other meta info in key-value pairs.

Request to Join mode when enabled in a room, allows a user without an access token to request admin users in a meeting to allow them to join a private meeting.


If you haven't already read the, Advanced SDK guide please read it first and then come back to this article.

What are public and private rooms

Public rooms

Public rooms are the rooms that anyone can join and they do not require any authentication.

When you call the create room API without any parameters, the room that is created is public by default.

You can make the user join the public room by simply calling the join() method and passing just the name in the Metered Javascript SDK.

Private Rooms

Private rooms require an accessToken to join.

You can create a private room by calling create room API and setting the privacy parameter to private.

You can also create private rooms through the dashboard.

When you call the join(options) method on a private room without passing an accessToken it will result in an error. We will explain in a bit how to generate accessToken.

How to create private rooms

Private Rooms can be created through the dashboard or through the REST API.

a. Creating private room through the dashboard

You can create a private room by logging into your dashboard, click on the "Create Room" button, and on the create room page, set the Privacy Setting to Private.

private_room_dashboard.png Create Room page with Private Privacy Setting

b. Creating private room through the REST API

Private room can also be created using the REST API. In create room API call we will call the privacy key to private.


curl --request POST \
--url '{Your_secret_key}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{ "privacy": "private" }'

What is an access token

The access token is a JSON web token, and it contains info about the user. Access tokens can be created that can be used to join any meeting in your Metered app or they can be restricted to rooms.

If you create a global token then the user can join any room in the app using the global token.

If you create a room-specific token, then the user can join only the room for which the token is created.

Generating Access token

Access tokens can be generated using the create access token api.

curl --request POST \
--url \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{"globalToken":true}'

Authenticating using the access token

Authenticating using the access tokens is very simple, instead of passing the name parameter to the join(options) , just pass the accessToken property.


const meeting = new Metered.Meeting();
const meetingInfo = await meeting.join({
roomURL: "",
accessToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7Imdsb2JhbFRva2VuIjp0cnVlLCJhcHBOYW1lIjoiaHlwcmhvc3QifSwiaWF0IjoxNjI3NzcwNDI2fQ.mVkFCexiE9UFHN8ujvsEVmXLllu2dXmF--4PzBFYjDY"

Validating the token without joining the meeting

If you want to check whether the token is valid then you can check it by calling the validate access token API.

This API decodes the token and returns the JSON in response if the auth token is valid, if the auth token is invalid it returns an error message, that auth token is invalid.

Access Token Available properties

isAdminBy setting this property as true the user who will join the meeting using the token will become and an adminbooleanNO
roomNameIf you want to restrict the token to a particular room then set this property. If it is not set then global token will be createdstringNO
globalTokenIf you want to create a global token that works across all the rooms in the app set this property to truebooleanNO
nameName of user. When user joins the meeting with the token, the value of this property would be set as the namestringNO
emailEmail you want to set for the user. This value will be associated with participant session, also visible in the dashboard under the participant session details screen.stringNO
metaAny meta info you want to associate with the user, you can also pass key value pairs JSON . maxlength 1000 chars`stringNO
externalUserIdAny external user id you want to associated with the user/token, it could the userId from your own databasestringNO
expireUnixSecunix time in seconds, This token is not valid after the specified time. If not specified then a token will be created that never expiresnumberNO
notBeforeUnixSecunix time in seconds. This token is not valid before the specified time.numberNO
ejectAfterElapsedTimeInSecuser who joins the meeting using this token will be ejected after the specified seconds from the meeting. Suppose you want to eject the user automatically after 30 mins then you will set this value to 1800 (30 mins in seconds)numberNO


In this guide, we have explained how you can create private meetings and authenticate users using access tokens.

To learn more checkout:

Feel free to contact us if you have any questions or need any assistance.