Discussions

Hi HeyGen Team!

Would like to avoid exposing any session_token (https://api.heygen.com/v1/streaming.create_token)
We also have a Vite Project. creating-a-vite-project-with-streaming-sdk and fetching access token is in our backend (as you recommended).

Is it possible to use Streaming Avatar SDK with a New (recently created) session?
Something like:
const newSession = await createNewSession(); // call to https://api.heygen.com/v1/streaming.new
const avatar = new StreamingAvatar({ token: newSession.data.access_token })

Or what is your recommendation for protecting backend endpoint "/api/get-access-token", if the Avatar Application was on a public website?

Thanks a lot!

Istvan