Architecture
The Orga Node SDK (@orga‑ai/node) operates as the secure backend layer in the Orga AI ecosystem.
It sits between your client applications and the Orga Cloud API, exchanging permanent API keys for short‑lived credentials used in real‑time sessions.
Understanding these layers helps you design scalable, secure integrations.
Layers at a Glance
Division of Responsibilities
| Layer | Responsibility |
|---|---|
| Client SDKs | Request ephemeral tokens and ICE configurations from your proxy endpoint (never directly from Orga). |
| Node SDK | Uses your API key to securely fetch credentials from Orga’s API, then returns { ephemeralToken, iceServers } to clients. |
| Orga Cloud API | Issues and validates short‑lived tokens for secure, authenticated WebRTC sessions. |
How It Works
When a client requests credentials from your backend:
- Your backend route calls
orga.getSessionConfig(). - The Node SDK internally handles both Orga API calls (for token + ICE).
- It responds to the client with a consolidated
SessionConfigobject. - The client uses this data to start its WebRTC connection with Orga Cloud.
đź”’ Security Principle:
The Orga API key is never shared with clients. Only temporary tokens are sent over the wire.
SDK Class Responsibilities
OrgaAI Class
The core class of the SDK encapsulates all operations needed for secure server‑side communication.
| Responsibility | Method |
|---|---|
| Request ephemeral token | fetchEphemeralToken() (internal) |
| Request ICE configuration | fetchIceServers() (internal) |
| Return full config object | getSessionConfig() (public, preferred) |
| Logging & Debug Output | debug: true flag in constructor |
Key Concepts
- Ephemeral tokens — short‑lived JWTs issued using your API key; they expire quickly and are safe to distribute to clients.
- ICE configuration — STUN/TURN servers provided by Orga to establish peer connections through NAT/firewalls.
- Timeouts — All requests are automatically timed out (default 10s) for stability.
- Debug logs — Enable
debug: trueto print request flow information in development.
Example Data Flow
Frontend (React / RN)
↓ /api/orga-client-secrets
Backend (Node SDK)
↓ POST /v1/realtime/client-secrets
↓ GET /v1/realtime/ice-config
Orga Cloud
↑ { ephemeralToken, iceServers }
Backend
↑ returns SessionConfig to client
Frontend
↑ starts WebRTC sessionDesign Principles
| Goal | Implementation |
|---|---|
| Security | API key usage restricted to trusted backend. |
| Simplicity | One function, getSessionConfig(), hides all internal HTTP calls. |
| Extensibility | Will support Python, Go, and other languages in future releases. |
Environment Requirements
| Requirement | Notes |
|---|---|
| Node.js ≥18 | Required for native fetch and AbortController. |
| ESM or CommonJS | Both supported. |
| Network Access | Must allow outbound HTTPS to https://api.orga-ai.com. |
| Environment Vars | ORGA_API_KEY, USER_EMAIL (temporary requirement). |
Example Integration Overview
Express
import express from "express";
import { OrgaAI } from "@orga-ai/node";
const router = express.Router();
const orga = new OrgaAI({
apiKey: process.env.ORGA_API_KEY!,
userEmail: process.env.USER_EMAIL!, // will be optional soon
debug: false,
});
router.get("/api/orga-client-secrets", async (_req, res) => {
try {
const data = await orga.getSessionConfig();
res.json(data);
} catch (err) {
console.error("Orga error:", err);
res.status(500).json({ error: "Internal server error" });
}
});
export default router;Next Steps
- Quick Start → Build a secure backend route in minutes.
- API Reference → Reference for the OrgaAI class.
- Troubleshooting → Troubleshooting guide.
Last updated on