Best practices regarding user authentication with PjSIP for large user bases


What would be the best way of managing SIP registrations of a large user pool that changes hundreds of times on a daily basis with chan_pjsip?

What we’d really like to do, is on every registration attempt we can run a PHP script or similar via AGI or something like that and contact our external API and decide there if the user is allowed to register or not. When I’ve looked around this does not seem to be possible?

I’ve seen some people suggest that Kamailio should be used in front of Asterisk when there is a large user base to front the registrations.

What are the different options and the most popular ones to handle large frequently changing user bases with Asterisk that are behind NAT? (We do not want to use static config files…)

We tried with chan_sip to use allowguest and autocreatepeer and assign a long random username for each user that acts as an API key which worked very nicely but this approach doesn’t seem possible in PJSIP. This allowed us to accept registrations from anyone and then we authenticated the username on the actual INVITEs via our API utilizing AGI.

Is there anything besides Asterisk Realtime for handling large and changing userbases?

There is only configuration file and realtime for PJSIP.