Quick Start
Use the Orga Node SDK to generate secure session credentials for your client apps.
You’ll set up a backend endpoint that safely exchanges your API key for a short‑lived ephemeral token and ICE servers.
Install
npm
npm install @orga-ai/nodeNode SDK requires Node.js v18+ for native fetch support.
Set Environment Variables
Create a .env file to store your Orga API key (and for now, your user email).
ORGA_API_KEY=sk_orga_ai_******************************
USER_EMAIL=you@example.comđź”’ Security Note:
Never exposeORGA_API_KEYin frontend or client applications — it must remain on the server.
Create a Secure Endpoint
Use the Node SDK to set up a route that returns ephemeral credentials.
Express
import express from "express";
import { OrgaAI } from "@orga-ai/node";
const app = express();
const orga = new OrgaAI({
apiKey: process.env.ORGA_API_KEY!,
userEmail: process.env.USER_EMAIL!, // will become optional soon
debug: true,
});
app.get("/api/orga-client-secrets", async (_req, res) => {
try {
const creds = await orga.getSessionConfig();
res.json(creds);
} catch (err) {
console.error("Failed to get session config", err);
res.status(500).json({ error: "Internal server error" });
}
});
app.listen(5000, () => {
console.log("Server running on port 5000");
});The endpoint will return a JSON response similar to:
{
"ephemeralToken": "eyJhbGciOi...",
"iceServers": [
{ "urls": "stun:stun1.l.google.com:19302" },
{
"urls": ["turn:turn.orga-ai.com:3478"],
"username": "6b4c...",
"credential": "0433..."
}
]
}Test the Endpoint
Start your server:
node server.jsThen open a browser or run:
curl http://localhost:5000/api/orga-client-secretsYou should see a JSON object with { ephemeralToken, iceServers }.
Use It in Your Frontend SDKs
Once this endpoint works, point your frontend configuration to it:
OrgaAI.init({
// Simplest form — SDK will call this URL automatically
sessionConfigEndpoint: "http://localhost:5000/api/orga-client-secrets",
});Recommended: For production or authenticated setups, use the fetchSessionConfig callback instead of sessionConfigEndpoint.
Why: fetchSessionConfig is invoked by your code, so you can include custom headers, middleware, or session handling that an automatic endpoint call would skip.
OrgaAI.init({
fetchSessionConfig: async () => {
const res = await fetch("/api/orga-client-secrets", {
headers: { Authorization: `Bearer ${user.accessToken}` },
});
return await res.json(); // { ephemeralToken, iceServers }
},
});sessionConfigEndpoint is great for open demos or un‑auth’d public endpoints, but fetchSessionConfig is preferred for protected environments.
Example Console Output
[OrgaAI] Fetching session config...
[OrgaAI] Fetched ephemeral token: eyJhbGc...
[OrgaAI] Fetched ICE servers: 3If you see output like this in your server logs, your backend is provisioning connections for clients successfully.
Expand for Production
| Consideration | Recommendation |
|---|---|
| Authorization | Protect /api/orga-client-secrets with your app’s auth middleware. |
| CORS | Restrict origins if you host web clients. |
| HTTPS | Always use secure connections for token delivery. |
| Environment | Store ORGA_API_KEY and USER_EMAIL in secrets/CI, not in repo. |
Next Steps
- Architecture → Learn how the Node SDK fits into the Orga ecosystem.
- API Reference → Reference for the OrgaAI class.
- Troubleshooting → Troubleshooting guide.