> For a complete documentation index, fetch https://docs.voximplant.ai/llms.txt
# One-time key authorization
There are some cases when you need to log in users into a web phone automatically, but do not want a plain text password (which is accepted by the [login](https://voximplant.com/docs/references/websdk/voximplant/client#login) method) to be available in JavaScript code. This is where we can use the [loginWithOneTimeKey](https://voximplant.com/docs/references/websdk/voximplant/client#loginwithonetimekey) method to log in.
Let us assume that you need to log a user **myuser** into an application **myapp** in your Voximplant account **myaccount**, and this user has the password **mypass**.
1. Add a handler for the [AuthResult](https://voximplant.com/docs/references/websdk/voximplant/eventhandlers/authresult) event.
2. Request a one-time authentication login key using the [requestOneTimeLoginKey](https://voximplant.com/docs/references/websdk/voximplant/client#requestonetimeloginkey) function.
After you request your login key with **requestOneTimeLoginKey**, it expires after **5 minutes**. If you require a one-time login key for this account from another device, the current login key expires.
3. Calculate the token on your backend.
```javascript
MD5(`${login_key}|${MD5(`${myuser}:voximplant.com:${mypass}`)}`)
```
1. myuser does not include @appname.accname.voximplant.com;
* 2) this formula allows you to store only hashes on the backend, not passwords.
4. Send this token using the [loginWithOneTimeKey](https://voximplant.com/docs/references/websdk/voximplant/client#loginwithonetimekey) function.
5. Finally, you will receive [AuthResult](https://voximplant.com/docs/references/websdk/voximplant/eventhandlers/authresult) with **result == true** if the correct password was specified.
```javascript title="Example"
// app.js on client
// Please, change this data before go.
const appName = 'VOXAPPLICATION';
const account = 'ACCOUNT';
const username = `${appUser}@${appName}.${account}.voximplant.com`;
const voximplant = VoxImplant.getInstance();
voximplant.init();
// Connect to the cloud and request a key
voximplant.connect().then(() => voximplant.requestOneTimeLoginKey(username));
// Listen to the server response
voximplant.addEventListener(VoxImplant.Events.AuthResult, (e) => {
console.log(`AuthResult: ${e.result}`);
console.log(`Auth code: ${e.code}`);
if (e.result) {
// Login is successful
} else if (e.code == 302) {
console.log(e.key);
// IMPORTANT: You should always calculate the token on your backend!
$.post(
'https://your.backend.com/',
{
key: e.key
},
(token) => {
voximplant.loginWithOneTimeKey(username, token);
},
'text'
);
}
});
```
Example backend function **PHP**:
```php
echo md5($_REQUEST['key'].'|'.md5($myuser.':voximplant.com:'.$mypass));
```
**Ruby**:
```ruby
require 'digest/md5' concat Digest::MD5.hexdigest(request.POST['key']+'|'+Digest::MD5.hexdigest(myuser+":voximplant.com:"+mypass))
```
**Node.js**:
```javascript
const app = express();
let md5 = crypto.createHash('md5');
app.use(bodyParser.urlencoded({ extended: false }));
app.post('/', cors(), (req, res) => {
res.writeHead(200, { 'Content-Type': 'text/plain' });
const hash = md5
.update(`${req.body.appUser}:voximplant.com:${req.body.appUserPassword}`)
.digest('hex');
md5 = crypto.createHash('md5');
const token = md5.update(`${req.body.key}\|${hash}`).digest('hex');
res.end(token);
});
```
**Java(Spring)**:
```java
@RestController
@EnableAutoConfiguration
public class StartPoint {
private static final String login = "";
private static final String pass = "";
private static final String HASH;
static {
HASH = DigestUtils.md5DigestAsHex((login + ":voximplant.com:" + pass).getBytes());
}
@RequestMapping("/hash/{login}")
public String getHash(@PathVariable String login) {
String key = login + "|" + HASH;
return DigestUtils.md5DigestAsHex(key.getBytes());
}
public static void main(String[] args) {
SpringApplication.run(StartPoint.class, args);
}
}
```