Creating a KS with an AppToken gives an INVALID_APP_TOKEN_HASH even though the token is correct

Hi guys, I’m trying to create a KS with an appToken but I’m not able to. Right now I’m using the API try-out options that you guys provide through the documentation (no code so far). I’m going to list the steps here and the results that I’m getting.

  • Create an AppToken with appToken.add, this works as expected.
  • I tried creating the token with sessionType as ADMIN / USER (both of them gave me the same results when trying to create the KS).
  • The privileges I’m using when creating the token are: sview:*,list:*,download:*. Not sure if this really matters, because the creation process of the token passes successfully.
  • Example of the response I get from creating the appToken:
{
  "id": "0_o7l19k80",
  "token": "f973211b7115b849cc0b5",
  "partnerId": 2422451,
  "createdAt": 1537206876,
  "updatedAt": 1537206876,
  "status": 2,
  "expiry": 1637206833,
  "sessionType": 2,
  "sessionDuration": 3600,
  "sessionPrivileges": "sview:*,list:*,download:*",
  "hashType": "SHA256",
  "description": "Jo's local app token",
  "objectType": "KalturaAppToken"
}
  • After this I try to use appToken.startSession with id (being the token id) and tokenHash (being the token attribute).
  • The response I get is this:
{
  "code": "INVALID_APP_TOKEN_HASH",
  "message": "Invalid application token hash",
  "objectType": "KalturaAPIException",
  "args": []
}

What I expect is to get a successful KS. Help here would be much appreciated.

Thanks.

Hi @joseph_arrieta,

Please find full code samples here:
https://developer.kaltura.com/workflows/Generate_API_Sessions/App_Token_Authentication;step=1

If you happen to be developing in Python, you may find this thread easier to follow:

If, after reviewing these, you’re still having issues, please post your full code and I’ll gladly take a look.

Thanks,

Hi @jess, your guidelines helped me figure out what was wrong in my code. Just a minor recommendation: it would be nice if you guys had an example that doesn’t use your client libraries. That way it would be easier for people like me (using Go, a language for which you guys don’t provide a client library) to follow the steps for creating a Kaltura Session through an AppToken.

Thanks.

Hello, I am experiencing the same error, while studying the AppToken Authentication workflow. I am trying to implement it in Ruby (using the Digest gem for hashing).
I also tried the same steps in another language (NodeJS), but the error is the same: whenever it comes to start the privileged session with the hashed token, the token hash is considered invalid.
I am able to start a widget session, I am able to retrieve previously created test tokens, but somehow the computed hash token is not considered valid.

Hi @annacostalonga,

Please post your code here so I can review it and advise you.

Hello Jess,
Thanks for your reply. I have managed to solve it now. Apparently it had to do with the Digest gem; I could not manage to compute a recognized/valid token hash with a SHA256 token. I had to choose a SHA1 token.
Then I was able to compute a valid token hash with code like this:

  ascii_hash = client.ks.encode('ascii') + token
  token_hash = Digest::SHA1.hexdigest ascii_hash

Thanks again!

Hello @annacostalonga,

Here’s a Ruby example that works properly (at least with my credentials):

require 'digest'
require 'kaltura'
include Kaltura

# Fill in your own credentials before running.
partner_id = 0 # placeholder: your partner ID
widget_id = "_" + partner_id.to_s
token_id = "" # the appToken id
app_token = "" # the appToken token value
user_id = nil
type = KalturaSessionType::ADMIN
expiry = 86400
session_privileges = ""
config = KalturaConfiguration.new
config.service_url = 'https://www.kaltura.com'
client = KalturaClient.new(config)

# Start an unprivileged widget session and use its KS for the next call.
res = client.session_service.start_widget_session(widget_id)
client.ks = res.ks
# tokenHash is the digest of the widget KS followed by the app token.
token_hash = Digest::SHA256.hexdigest(res.ks + app_token)
res = client.app_token_service.start_session(token_id, token_hash, user_id, type, expiry, session_privileges)
# res.ks should now be assigned to the client so it can make requests
print(res.ks)

Does it not work for you? If not, what’s the full response you get back?

Thanks, it does work!
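
Added example, not part of the original thread and not Kaltura's own code: a client-library-free Ruby helper that computes the tokenHash the way the working sample above does (digest of widget KS followed by the app token, using the token's hashType) and diagnoses the mistakes seen in this thread, such as sending the raw token as tokenHash. The function names, result symbols and the sample KS are assumptions made for illustration; the token value is the one from the appToken.add response quoted above.

```ruby
require 'digest'

# Digest classes for the two hashType values that appear in this thread.
DIGESTS = { 'SHA1' => Digest::SHA1, 'SHA256' => Digest::SHA256 }.freeze

# Constructed sample input: a made-up widget KS plus the token shown in the thread.
SAMPLE_KS = 'constructed-widget-session-ks'
SAMPLE_TOKEN = 'f973211b7115b849cc0b5'

# tokenHash for appToken.startSession: hex digest of the widget-session KS
# concatenated with the app token, using the token's own hashType.
def app_token_hash(widget_ks, app_token, hash_type)
  digest = DIGESTS.fetch(hash_type) do
    raise ArgumentError, "unsupported hashType: #{hash_type}"
  end
  digest.hexdigest(widget_ks + app_token)
end

# Local check only: explain why a candidate tokenHash would not match.
# The returned symbols are hypothetical labels, not Kaltura error codes.
def diagnose_token_hash(candidate, widget_ks, app_token, hash_type)
  return :ok if candidate == app_token_hash(widget_ks, app_token, hash_type)
  # The first post's mistake: the token itself was passed as tokenHash.
  return :raw_token_sent if candidate == app_token
  # The token was hashed, but the widget KS was left out.
  if DIGESTS.each_value.any? { |d| d.hexdigest(app_token) == candidate }
    return :token_hashed_without_ks
  end
  # Right input, but a digest that differs from the token's hashType.
  other = DIGESTS.keys.find do |t|
    t != hash_type && app_token_hash(widget_ks, app_token, t) == candidate
  end
  return :"hashed_with_#{other.downcase}" if other
  # Token placed before the KS instead of after it.
  reversed = DIGESTS[hash_type].hexdigest(app_token + widget_ks)
  return :wrong_order if reversed == candidate
  :mismatch
end

if __FILE__ == $PROGRAM_NAME
  good = app_token_hash(SAMPLE_KS, SAMPLE_TOKEN, 'SHA256')
  sha1 = app_token_hash(SAMPLE_KS, SAMPLE_TOKEN, 'SHA1')
  puts diagnose_token_hash(good, SAMPLE_KS, SAMPLE_TOKEN, 'SHA256')
  puts diagnose_token_hash(SAMPLE_TOKEN, SAMPLE_KS, SAMPLE_TOKEN, 'SHA256')
  puts diagnose_token_hash(sha1, SAMPLE_KS, SAMPLE_TOKEN, 'SHA256')
end
```

Because the widget KS is part of the hashed input, the hash has to be recomputed for every new widget session.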