Node: Getting Started

Learn how to turn the Orga Node SDK into a secure backend service that provisions client sessions. You will install the SDK, load secrets from environment variables, expose an endpoint (Express or Next.js), test it with curl, and point your client SDKs at it.

What you will build

A Node.js service (Express or Next.js API Route) that calls orga.getSessionConfig().
A JSON response with { ephemeralToken, iceServers } for browsers or mobile apps.
A verified workflow that frontend SDKs can call via fetchSessionConfig.

Prerequisites

Node.js 18+ (native fetch support) and npm/yarn/pnpm/bun.
An Orga API key from the Orga dashboard .
HTTPS access (via dev tunnel or TLS) before hitting production.

Keep your API key server-side only. This tutorial shows the minimal secure setup so React, React Native, or other clients never see the secret.

Install the SDK

Add the Node SDK to your project with your preferred package manager.

npm


npm install @orga-ai/node

yarn


yarn add @orga-ai/node

pnpm


pnpm add @orga-ai/node

bun


bun add @orga-ai/node

Requires Node 18+ (or any runtime with global fetch) to talk to the Orga API.

Load environment variables

Store your API key in a .env file.

.env


ORGA_API_KEY=sk_orga_ai_******************************

Never commit this file or inject these values into frontend bundles.

Create the session endpoint

Choose the backend flavor that matches your stack. Both responses return { ephemeralToken, iceServers }.

Express

server.ts


import 'dotenv/config';
import express from 'express';
import { OrgaAI } from '@orga-ai/node';
 
const app = express();
const orga = new OrgaAI({
apiKey: process.env.ORGA_API_KEY!,
debug: true,
});
 
app.get('/api/orga-client-secrets', async (_req, res) => {
try {
  const creds = await orga.getSessionConfig();
  res.json(creds); // { ephemeralToken, iceServers }
} catch (error) {
  console.error('Failed to get session config', error);
  res.status(500).json({ error: 'Internal server error' });
}
});
 
app.listen(5000, () => console.log('Server running on http://localhost:5000'));

Expected response shape:


{
  "ephemeralToken": "eyJhbGciOi...",
  "iceServers": [
    { "urls": "stun:stun1.l.google.com:19302" },
    {
      "urls": ["turn:turn.orga-ai.com:3478"],
      "username": "6b4c...",
      "credential": "0433..."
    }
  ]
}

Test the endpoint

Start your server and verify it returns credentials.


node server.ts


curl http://localhost:5000/api/orga-client-secrets

You should see the JSON payload with both ephemeralToken and iceServers. If not, check server logs—the SDK logs [OrgaAI] messages when debug: true.

Point client SDKs at it

React, React Native, and other Orga clients can now fetch session config from this endpoint.

app/providers/OrgaClientProvider.tsx


OrgaAI.init({
  fetchSessionConfig: async () => {
    const res = await fetch('https://api.yourdomain.com/orga-client-secrets', {
      headers: { Authorization: `Bearer ${user.accessToken}` },
    });
    if (!res.ok) throw new Error('Failed to fetch session config');
    return res.json(); // { ephemeralToken, iceServers }
  },
});

sessionConfigEndpoint is fine for open demos, but fetchSessionConfig gives you full control to add auth headers, rate limiting, or multi-tenant routing before calling your Node service.

Production checklist

Consideration	Recommendation
Authorization	Protect `/api/orga-client-secrets` with your auth middleware.
CORS	Lock origins to known web apps before going live.
HTTPS	Always terminate TLS before serving session data.
Secrets	Store `ORGA_API_KEY` in your secrets manager, not git.

Next steps

Read the Node SDK architecture overview.
Explore the Node SDK API reference.
Need troubleshooting tips? See the Node issues how-to.